Wednesday, June 15, 2011

I use Linux in a corporate environment and proxy support sucks.

I have two work stations, a Windows XP desktop and Linux workstation. The bulk of my day to day work is done from the workstation. This does not come without some pitfalls. My most aggravating being proxy server authentication. Windows NTLM and it's ability to pass along your authentication is rather nice and simplifies your world. Linux on the other hand can be a little daunting at times.

My workstation currently runs Ubuntu 11.04. I had been running with Fedora 13 then 14 but frankly Fedora is not that user friendly for a desktop. SELinux borderlines on the insane if you use it and mildly annoying if you put it in passive mode. Yes, you could disable SELinux which is what many people do but as many times as you have to log in as root to do something useful it really seems counter productive. Ubuntu/Debian's sudo setup is far superior in this regard. And in my opinion APT is far easier to work with than YUM. Just managing repositories seems faster. Which takes me back to my previous issue, proxies.

Proxies, simply put, need help in Linux. Proxies are a standard in the corporate world. Which should tell you why it so important. When Chrome first came out it relied on the OS proxy settings which caused problems if you were needing to authenticate to the proxy. It was quickly updated and partially resolved the issue but authentication is still a bear. Some pages may prompt you several times to authenticate, others my only prompt you once. Not that this is due to the application. Firefox is prone to the multi-authentication issue where as Chrome will prompt once and your good for that session... most of the time. Other apps are not so forgiving or feature rich. Banshee authenticates with basic auth. Many productivity apps depend entirely on the OS provide proxy config but they don't even utilize it fully as many will ignore the authentication piece and just time out.

Now some apps will allow you to save your password. GREAT! However corporate password policy may not be so nice. If you have to change your password every 30 to 45 days trying to remember which app stored your password can be hazardous to your login attempt. I used to have Thunderbird remember my proxy password and this worked great until the password changed. Add to it I was in a rush and opened up multiple applications all failing their initial authentication and wham! "Your account is locked out".

With my head bowed I schlepped over to the domain admin, as my account can only be reset by a Domain admin, and requested they reset my password. After a long story as to why my account was locked I was greeted with typical Windows Admin jest of getting a real OS. To which I counter "They won't get me a UNIX work station" and then walk back to my desk to type in the new password.

What makes things more frustrating is that the Linux proxy tool gives you the option to put in your username and password for the proxy. However it rarely if ever works. Add to that I don't know how secure it is. I'd love to have the Linux proxy tool updated so that it worked with authentication proxies, stored your password securely, or just used your local authentication. I think this alone would help the corporate adoption rate, or at least make my life a little easier.

No comments:

Post a Comment