Problems using robots with authentication

Dmitry Kurochkin dmitry.kurochkin at measurement-factory.com
Thu Oct 20 14:19:25 UTC 2011 

Hello.

On Thu, 20 Oct 2011 11:37:46 -0200, Fábio César Miranda de Araújo <ufa at ig.com.br> wrote:
> Hello :)
> 
> I am trying to do some testing with our new McAfee proxy, using
> polygraph, but we are failing to do it with proxy authentication.
> 
> Client ends with this message:
> --------------------------------------------------------------------
> HTTP/1.1 407 authenticationrequired
> Content-Type: text/html
> Cache-Control: no-cache
> Content-Length: 2594
> Proxy-Connection: Close
> Proxy-Authenticate: NTLM
> Proxy-Authenticate: Basic realm="McAfee Web Gateway"
> 
> 
> NtlmAuth.cc:798: assertion failed: 'false'
> Aborted
> -----------------------------------------------------------------------------
> 
> it seems to me that the client receive the 407 message, but something
> goes wrong and the program exits.
> 
> Here follows the robot configuration:
> 
> Robot R = {
>     credentials = [ "myusername:mypassword" ];
>     kind = "R101";
>     interests = [ "public": 50% ];
>     pop_model = { pop_distr = popUnif(); };
>     recurrence = 55% / SimpleContent.cachable; // adjusted to get 55% DHR
> 
>     req_rate = 1/sec;
> 
>     origins = S.addresses;      // where the origin servers are
>       addresses = ['172.17.205.177']; // use clone operator
> };
> 
> Any help will be much appreciated.

That is a bug in Web Polygraph.  Polygraph should print a sane error
instead of asserting.  NTLM authentication requires OpenSSL, but you
built Polygraph without it.  Try rebuilding with OpenSSL support.
Please let me know if it helps.

NTLM and Negotiate authentication requires client-side persistent
connections so make sure they are enabled in your tests.  See
Agent::pconn_use_lmt and related options for PGL knobs [1].

Also, NTLM credentials should contain NTLM domain, see [2] for details.

Note, the proxy offers NTLM or Basic authentication in the above reply.
But currently Polygraph does not support authentication scheme
selection, it just uses the first one and ignores the others.  If you
configure the proxy to offer only Basic authentication or send Basic
authentication header first, Polygraph would use it and none of the
above changes would be needed.

Regards,
  Dmitry

[1] http://www.web-polygraph.org/docs/reference/pgl/types.html#type:docs/reference/pgl/types/Agent
[2] http://www.web-polygraph.org/docs/userman/auth.html

> Thank you
> 
> ufa
> _______________________________________________
> Users mailing list
> Users at web-polygraph.org
> http://www.web-polygraph.org/mailman/listinfo/users

More information about the Users mailing list