Bug 232626

Summary: kde proxy authentication - option to specify a username and password
Product: systemsettings Reporter: Jacek Mayer <vedvarelth>
Component: kcm_proxyAssignee: Konqueror Developers <konq-bugs>
Status: RESOLVED FIXED    
Severity: normal CC: adawit, dav1dblunk3tt, fereneadams, gabrgomes, neeraj_mot, p1037905, wedge009
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Debian testing   
OS: Linux   
Latest Commit: Version Fixed In: 4.6.4

Description Jacek Mayer 2010-03-29 23:20:17 UTC
Version:            (using KDE 4.3.5)
OS:                Linux
Installed from:    Debian testing/unstable Packages

System Settings->Network & Connectivity->Network Settings we have option to specify a username and password, rather than always prompting for one, is greyed out. When option would be available? why is not ?
Comment 1 Tommi Tervo 2010-05-26 10:40:00 UTC
*** Bug 234513 has been marked as a duplicate of this bug. ***
Comment 2 Tommi Tervo 2010-05-26 10:40:30 UTC
*** Bug 238759 has been marked as a duplicate of this bug. ***
Comment 3 Dmitry Vinokurov 2010-05-27 06:18:30 UTC
(In reply to comment #0)
> Version:            (using KDE 4.3.5)
> OS:                Linux
> Installed from:    Debian testing/unstable Packages
> 
> System Settings->Network & Connectivity->Network Settings we have option to
> specify a username and password, rather than always prompting for one, is
> greyed out. When option would be available? why is not ?

I can confirm this bug. My OS is Kubuntu 10.04, KDE 4.4.2.
Comment 4 Hairold Ovares 2010-07-12 22:24:34 UTC
I can confirm this bug. My OS is Kubuntu 10.04, KDE 4.4.2.
Comment 5 Wedge009 2010-08-18 08:07:22 UTC
I confirm this bug, as an extension of Bug 238759.
Comment 6 Samuele C. 2010-09-16 10:00:02 UTC
*** This bug has been confirmed by popular vote. ***
Comment 7 neeraj 2010-10-01 08:22:27 UTC
definitely a nagging problem I had been experiencing from a long time on any KDE based distribution.I can confirm the bug
Comment 8 gabrgomes 2011-04-22 02:11:44 UTC
Still not fixed. C'mon guys, this is something critical!
Comment 9 Dawit Alemayehu 2011-04-25 21:55:42 UTC
I guess I am responsible for the misleading inputs that were never implemented. It was something that should have never been there. There are several reasons why the option to specify username/password was never implemented and here are the reasons in order:

#1 Lack of time. As usual, there are too many issues to work on and very few volunteers to work on them!

#2. However, the most important reason why I never implemented it was, the sheer number of configuration possibilities that exist. That is the username/password combination would have been saved into KWallet using a specific proxies address. Unfortunately one can choose to configure different proxy servers for different protocols. The situation is even worse for the script based proxy configurations since they can freely return multiple proxy addresses. As such it makes it almost impossible to have a Central place to enter username/password information. Even if we find a hack such as storing the information under a generic key in kwallet, all the protocols that are not changed to check for it will not work. IOW, we create even more work in light of what I have stated in #1.

For KDE 4.7 the proxy configuration dialog is being reworked, and as it stands right now that option is going to be completely removed by me because you can save the proxy server authentication information in KWallet once prompted and subsequently that information will be used going forward. Obviously, you would have to enter KWallet's password information.

So this would probably would end up being a won't fix unless someone steps up and want to fix it. Anyhow, if any of you were under the impression that this feature would have saved the password by storing the information in a plain text file, then please forgot that because such a change won't be accepted.
Comment 10 Wedge009 2011-04-26 02:34:44 UTC
Thank you for the information, Dawit.

I suppose the main issue, at least for me, is not being able to use KDE *at all* in a work environment where proxy authentication is required. It's been a while since I gave up on it, but as I recall, I could not get any workable solution for any Internet-capable application that didn't include its own custom (ie non-KDE) proxy authentication handling.

At the very least, I would have been satisfied with a prompt to enter the authentication information even if I had to do it once per session. When you say the configuration is being re-worked for KDE 4.7, do you know if there will be an improvement to the automatic prompt option? Or is that a separate issue? Because while the prompt-for-authentication option is also currently present, it never seemed to work for me, which was quite frustrating.
Comment 11 Dawit Alemayehu 2011-04-26 02:55:26 UTC
(In reply to comment #10)
> Thank you for the information, Dawit.
> 
> I suppose the main issue, at least for me, is not being able to use KDE *at
> all* in a work environment where proxy authentication is required. It's been a
> while since I gave up on it, but as I recall, I could not get any workable
> solution for any Internet-capable application that didn't include its own
> custom (ie non-KDE) proxy authentication handling.
> 
> At the very least, I would have been satisfied with a prompt to enter the
> authentication information even if I had to do it once per session. When you
> say the configuration is being re-worked for KDE 4.7, do you know if there will
> be an improvement to the automatic prompt option? Or is that a separate issue?
> Because while the prompt-for-authentication option is also currently present,
> it never seemed to work for me, which was quite frustrating.

Proxy authentication should work fine in most recent releases of KDE. What version was the last one you tried ? What kind of problem do you encounter ? Do you get error message ?  

Anyhow,  I can tell you that KDE 4.6.2 works fine with proxy authentication for me.  There might be corner cases since authentication for certain type of proxy connections. Both HTTPS over HTTP proxy and SOCKS proxy are handled by Qt's networking classes these days. And Qt's authentication support is much more limited than KDE's own. For example, KDE supports Negotiate, NTLM v2 and Kerberos. None of which Qt's networking code does.

Unfortunately all of that means, depending on your specific proxy's configuration, proxy authentication might or might not work for you. :( So if you can provide your configuration information I might be able to tell you whether or not things will or will still not work for you in KDE 4.7.
Comment 12 Wedge009 2011-04-26 04:00:22 UTC
I suppose I will give it another try at the office tomorrow morning (still on Tuesday public holiday today).

I would have been using an unpatched (no Internet access to download updates, of course) Kubuntu 10.10 mainly, which I believe uses KDE 4.5.1, but I also tried Fedora 14 (KDE 4.5.2) and openSUSE 11.4 (KDE 4.6.0). The only workable (KDE) environment I have is Linux Mint 10 (and only because it has Firefox and Synaptic pre-installed, both of which have their own proxy authentication handling), so I don't believe it's an issue with my office's proxy server itself. (I was also using Ubuntu just fine, but I do rather prefer KDE over GNOME.)

A web browser and package updater is all I really need. I did try using environment variables to specify the proxy settings which I think one work-around suggested. For Kubuntu, as I recall, neither KPackageKit nor Konqueror worked. I *think* rekonq prompted for authentication, but it didn't seem to work 100% of the time. Konqueror worked in Fedora, but KPackageKit did not. I don't think I bothered to investigate openSUSE/KDE in much depth.

In all cases where I do not get Internet connectivity, there is no error message in the web browsers, only the page trying to load indefinitely. I think KPackageKit spits out some generic message about being unable to access the remote server.

As I said, I'll give it another go in the office tomorrow, but basically my choices for using GUI Linux in the office environment are either GNOME (I'd really rather KDE, if possible), or KDE + applications with custom proxy handling.
Comment 13 Wedge009 2011-04-27 01:58:30 UTC
I've come to the conclusion that any Linux environment is going to have difficulties negotiating proxy servers that require authentication - or at least, the ISA proxy server in use at my office.

I went through Ubuntu, Kubuntu, Fedora/KDE, openSUSE/KDE and LinuxMint/KDE, and every command-line and GUI package manager and web browser that I know how to use and of all of them, only Synaptic and Firefox work because of their built-in proxy authentication handling.

The only time I was prompted for authentication was when using the rekonq or Konqueror web browsers - I think it must have been KDE versions older than 4.5 where I had instances of no authentication dialogues being presented. Even so, after entering the correct authentication details - the same details I use in Synaptic and Firefox - the web browsers would stall indefinitely when attempting to load a web page outside the corporate intranet.

So I'm not sure how my experiences relate to this particular bug report, but for the time being, it looks like my options are severely limited when it comes to using Linux at my office.
Comment 14 Dawit Alemayehu 2011-04-27 02:12:48 UTC
(In reply to comment #13)
> I've come to the conclusion that any Linux environment is going to have
> difficulties negotiating proxy servers that require authentication - or at
> least, the ISA proxy server in use at my office.
>
> I went through Ubuntu, Kubuntu, Fedora/KDE, openSUSE/KDE and LinuxMint/KDE, and
> every command-line and GUI package manager and web browser that I know how to
> use and of all of them, only Synaptic and Firefox work because of their
> built-in proxy authentication handling.
> 
> The only time I was prompted for authentication was when using the rekonq or
> Konqueror web browsers - I think it must have been KDE versions older than 4.5
> where I had instances of no authentication dialogues being presented. Even so,
> after entering the correct authentication details - the same details I use in
> Synaptic and Firefox - the web browsers would stall indefinitely when
> attempting to load a web page outside the corporate intranet.
> 
> So I'm not sure how my experiences relate to this particular bug report, but
> for the time being, it looks like my options are severely limited when it comes
> to using Linux at my office.

Well if you give up, then that will be true. If you however persist and provide us with some information, then we might be able to help you out. If you are willing to provide some information, then here is what we need:

1.) Tell us which KDE proxy configuration setting you are using.
2.) Install the debug version of kdelibs for the particular distribution you are using.
3.) Follow the instructions at the link below to save the debug output into a file

http://techbase.kde.org/Development/Tutorials/Debugging/Debugging_IOSlaves#How_to_get_debug_output

4.) Scrube the log file produced for any personal information and post the debug output here or send it in personal email directly to me.

Without feedback we cannot possibly resolve any of these problems. There problems with proxy configuration in a Windows environment are numerous and none of us have any such setups to test our software against. We always rely on feedback from users and other developers to addresses this issues.
Comment 15 Wedge009 2011-04-28 01:14:44 UTC
I've sent the information directly to your e-mail address, so as to stop spamming everyone else.

Thanks for your help.
Comment 16 Dawit Alemayehu 2011-05-04 20:39:49 UTC
Git commit f79aacfcb658a57d9b7785018dfe4f970e524644 by Dawit Alemayehu.
Committed on 04/05/2011 at 20:29.
Pushed by adawit into branch 'KDE/4.6'.

By default support only NTLMv1 like other browsers. However, make it possible
for users to manually enable the usage of NTLMv2 authentication by adding a
"EnableNTLMv2Auth=true" flag to either one of the following to configuration files:

$KDEHOME/share/config/kioslaverc OR
$KDEHOME/share/config/kio_httprc

Note this setting like every other ioslave setting can be set on a per site
basis by adding the parameter to a host specific section instead of the global
one. For example,

[foo.bar]
EnableNTLMv2Auth=true

BUG: 232626
FIXED-IN: 4.6.4

M  +7    -2    kioslave/http/httpauthentication.cpp     

http://commits.kde.org/kdelibs/f79aacfcb658a57d9b7785018dfe4f970e524644
Comment 17 Dawit Alemayehu 2011-05-04 20:40:41 UTC
Git commit 2fdcbe849ef50e64b3b5ce6d6615ef85851d008c by Dawit Alemayehu.
Committed on 04/05/2011 at 20:29.
Pushed by adawit into branch 'master'.

By default support only NTLMv1 like other browsers. However, make it possible
for users to manually enable the usage of NTLMv2 authentication by adding a
"EnableNTLMv2Auth=true" flag to either one of the following to configuration files:

$KDEHOME/share/config/kioslaverc OR
$KDEHOME/share/config/kio_httprc

Note this setting like every other ioslave setting can be set on a per site
basis by adding the parameter to a host specific section instead of the global
one. For example,

[foo.bar]
EnableNTLMv2Auth=true

CCBUG: 232626

(cherry picked from commit f79aacfcb658a57d9b7785018dfe4f970e524644)

M  +7    -2    kioslave/http/httpauthentication.cpp     

http://commits.kde.org/kdelibs/2fdcbe849ef50e64b3b5ce6d6615ef85851d008c
Comment 18 davidblunkett 2012-01-16 12:20:53 UTC
I appear to have this problem:

If I select manual proxy the option [x] prompt as needed is always checked and the option to save the proxy username/password is greyed out.  It is quite annoying.

Konqueror 4.6.00 release 6 from Suse 11.4

Aslo konqueror doesn't seem to learn the password even when the prompt has the "remember his password" box checked.
Comment 19 Dawit Alemayehu 2012-01-16 17:54:26 UTC
(In reply to comment #18)
> I appear to have this problem:
> 
> If I select manual proxy the option [x] prompt as needed is always checked and
> the option to save the proxy username/password is greyed out.  It is quite
> annoying.
> 
> Konqueror 4.6.00 release 6 from Suse 11.4

That version does not have the fix. You need at least KDE v4.6.4 or higher.

> Aslo konqueror doesn't seem to learn the password even when the prompt has the "remember his password" box checked.

And those issues have already been addressed in KDE 4.7.2. See 
https://projects.kde.org/projects/kde/kdelibs/repository/revisions/c0cb2f6f489fabb0776319cfc4d2f772c28f61da
Comment 20 davidblunkett 2012-01-17 08:25:29 UTC
Thank you!

> Date: Mon, 16 Jan 2012 17:54:26 +0000
> From: adawit@kde.org
> To: dav1dblunk3tt@hotmail.com
> Subject: [Bug 232626] kde proxy authentication - option to specify a username and password
> 
> https://bugs.kde.org/show_bug.cgi?id=232626
> 
> 
> 
> 
> 
> --- Comment #19 from Dawit Alemayehu <adawit kde org>  2012-01-16 17:54:26 ---
> (In reply to comment #18)
> > I appear to have this problem:
> > 
> > If I select manual proxy the option [x] prompt as needed is always checked and
> > the option to save the proxy username/password is greyed out.  It is quite
> > annoying.
> > 
> > Konqueror 4.6.00 release 6 from Suse 11.4
> 
> That version does not have the fix. You need at least KDE v4.6.4 or higher.
> 
> > Aslo konqueror doesn't seem to learn the password even when the prompt has the "remember his password" box checked.
> 
> And those issues have already been addressed in KDE 4.7.2. See 
> https://projects.kde.org/projects/kde/kdelibs/repository/revisions/c0cb2f6f489fabb0776319cfc4d2f772c28f61da
> 
> -- 
> Configure bugmail: https://bugs.kde.org/userprefs.cgi?tab=email
> ------- You are receiving this mail because: -------
> You are on the CC list for the bug.
Comment 21 Pal Körössy 2012-01-23 08:32:57 UTC
I use KDE 4.7.4 release 11 and username/password fields are still grayed out if I select manual proxy settings.
Comment 22 fereneadams 2013-07-02 19:05:02 UTC
Under debian testing with KDE 4.8.4 I cannot find any authentication dialog under the proxy menu. Tested using a socks5 proxy and rekonq. Pages failed to load an no authentication prompt appeared.