Kerberos, NTLM and basic proxy authentication is not working at all 4.30 and we have to disable Kerberos, NTLM auth to use basic auth in 4.31.1 by changing additional settings(proxyEnableKerberosNTLM: false). #14173
Kerberos, NTLM and basic proxy authentication is not working at all 4.30 and we have to disable Kerberos, NTLM auth to use basic auth in 4.31.1 by changing settings(proxyEnableKerberosNTLM: false).
Because of this, users not able to pull the images from internet over corporate network.
Please fix this issue in next release. This is impacting many users in Volvo
Reproduce
Add manual proxy settings.
Try to pull the images internet.
Which will not work
Expected behavior
When we add the proxy, it should prompt for credentials or let us pull the images from internet as per Kerberos, NTLM auth/feature
docker version
Client:
Version: 26.1.4
API version: 1.45
Go version: go1.21.11
Git commit: 5650f9b
Built: Wed Jun 5 11:29:54 2024
OS/Arch: windows/amd64
Context: desktop-linux
Server: Docker Desktop 4.31.1 (153621)
Engine:
Version: 26.1.4
API version: 1.45 (minimum version 1.24)
Go version: go1.21.11
Git commit: de5c9cf
Built: Wed Jun 5 11:29:22 2024
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.33
GitCommit: d2d58213f83a351ca8f528a95fbd145f5654e957
runc:
Version: 1.1.12
GitCommit: v1.1.12-0-g51d5e94
docker-init:
Version: 0.19.0
GitCommit: de40ad0
docker info
Client:
Version: 26.1.4
Context: desktop-linux
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.14.1-desktop.1
Path: C:\Program Files\Docker\cli-plugins\docker-buildx.exe
compose: Docker Compose (Docker Inc.)
Version: v2.27.1-desktop.1
Path: C:\Program Files\Docker\cli-plugins\docker-compose.exe
debug: Get a shell into any image or container (Docker Inc.)
Version: 0.0.32
Path: C:\Program Files\Docker\cli-plugins\docker-debug.exe
dev: Docker Dev Environments (Docker Inc.)
Version: v0.1.2
Path: C:\Program Files\Docker\cli-plugins\docker-dev.exe
extension: Manages Docker extensions (Docker Inc.)
Version: v0.2.24
Path: C:\Program Files\Docker\cli-plugins\docker-extension.exe
feedback: Provide feedback, right in your terminal! (Docker Inc.)
Version: v1.0.5
Path: C:\Program Files\Docker\cli-plugins\docker-feedback.exe
init: Creates Docker-related starter files for your project (Docker Inc.)
Version: v1.2.0
Path: C:\Program Files\Docker\cli-plugins\docker-init.exe
sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
Version: 0.6.0
Path: C:\Program Files\Docker\cli-plugins\docker-sbom.exe
scout: Docker Scout (Docker Inc.)
Version: v1.9.3
Path: C:\Program Files\Docker\cli-plugins\docker-scout.exe
Server:
Containers: 1
Running: 1
Paused: 0
Stopped: 0
Images: 1
Server Version: 26.1.4
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: d2d58213f83a351ca8f528a95fbd145f5654e957
runc version: v1.1.12-0-g51d5e94
init version: de40ad0
Security Options:
seccomp
Profile: unconfined
Kernel Version: 5.15.153.1-microsoft-standard-WSL2
Operating System: Docker Desktop
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 7.625GiB
Name: docker-desktop
ID: 707f229a-f60e-45a6-80e0-4aed5bd5c63c
Docker Root Dir: /var/lib/docker
Debug Mode: false
HTTP Proxy: http.docker.internal:3128
HTTPS Proxy: http.docker.internal:3128
No Proxy: hubproxy.docker.internal
Labels:
com.docker.desktop.address=npipe://\\.\pipe\docker_cli
Experimental: false
Insecure Registries:
hubproxy.docker.internal:5555
127.0.0.0/8
Live Restore Enabled: false
WARNING: No blkio throttle.read_bps_device support
WARNING: No blkio throttle.write_bps_device support
WARNING: No blkio throttle.read_iops_device support
WARNING: No blkio throttle.write_iops_device support
WARNING: daemon is not using the default seccomp profile
Thanks for reporting this. One option is to manually change proxyEnableKerberosNTLM: false (on 4.31/4.31.1) in settings.json. Alternatively, upgrading to version 4.32 requires no changes (if you are using Basic auth).
Description
Kerberos, NTLM and basic proxy authentication is not working at all 4.30 and we have to disable Kerberos, NTLM auth to use basic auth in 4.31.1 by changing settings(proxyEnableKerberosNTLM: false).
Because of this, users not able to pull the images from internet over corporate network.
Please fix this issue in next release. This is impacting many users in Volvo
Reproduce
Add manual proxy settings. Try to pull the images internet. Which will not work
Expected behavior
When we add the proxy, it should prompt for credentials or let us pull the images from internet as per Kerberos, NTLM auth/feature
docker version
docker info
Diagnostics ID
A23F9B83-ED41-4AC1-B1A9-B238BC0319F0/20240705052224
Additional Info
No response