It was quite some time ago, I think in the beginning of this year when I had to pass through my corporate proxy which used a Basic HTTP Authentication scheme. In short, it means that all my HTTP requests will need to have a parameter Proxy-Authorization : Base64_Encoded_Username:Password. But before going further, I needed to use a local proxy since my passwords generally have a lot of @ symbols to make it more secure. In Linux, one can use proxy authentication using export http_proxy=http://username:password@proxy:port. As you guessed, my password would break this simple mechanism of defining proxy tunnels with authentication. The easiest solution would be to change my password but then I am not an engineer who goes for such simple workarounds.

 

A search on the web also revealed a number of scripts but all of these had one or the other problem. I also wanted to access git and other stuff from behind the proxy. I found cntlm on http://cntlm.sourceforge.net/ and it seemed like a good candidate to help me get away from all the problems. I modified cntlm proxy to incorporate HTTPAUTH. This modification does not induce any side-effects/bugs but enhances cntlm to satisfy my needs.

 

One can download the modified file from http://ubuntuforums.org/showthread.php?t=1396749. The modifications only work when you have supplied your plain text password in the cntlm.conf file. The last parameter at the end of file is also HTTPAUTH instead of HTTP_AUTH (I forgot to change the conf file when I uploaded the modifications). But now you know. I got many questions on the above and this post clarifies almost all of them. After doing those changes plus configuring your cntlm.conf file by supplying the necessary domain, proxy, username and password parameters, run it using cntlm. If you get a config file not found (i.e. if you have just done a make and not a make install), then use sudo cntlm. After that you can set a system wide proxy to use 127.0.0.1 and 3128 (unless you have changed the port in the cntlm.conf file) and hurray, you can do all the different stuff behind your stupid proxy.

 

Between, I had a talk with the cntlm developer and maintainer and he thought the modifications were too easy. So it is not included in the main branch. Anyways, it works for me and also works for quite a few out there. Questions and comments are welcome. In my next post, I will write about using of an application known as tunnel and a simple script to make git, ssh, etc. work from behind a proxy. Be tuned…