4
Chapter 1. Introduction
systems do not need direct access to the Internet. They need access only to the RHN Proxy
Server.
Important
Red Hat strongly recommends that clients connected to an RHN Proxy Server be running
the latest update of Red Hat Enterprise Linux to ensure proper connectivity.
Clients that access RHN directly are authenticated by the RHN servers. Clients that access
an RHN Proxy Server are still authenticated by RHN; however, in this case the Proxy pro-
vides both authentication and route information to RHN. After a successful authentication,
the Red Hat Network Server informs the RHN Proxy Server that it is permitted to execute a
specific action for the client. The RHN Proxy Server downloads all of the updated packages
(if they are not already present in its cache) and delivers them to the client system.
Requests from the Red Hat Update Agent on the client systems are still authenticated on
the server side, but package delivery is significantly faster since the packages are cached in
the HTTP Proxy Caching Server or the RHN Proxy Server (for local packages); the RHN
Proxy Server and client system are connected via the LAN and are limited only by the
speed of the local network.
Authentication is done in the following order:
1. The client performs a login action at the beginning of a client session. This login is
passed through one or more RHN Proxy Servers until it reaches a Red Hat Network
Server.
2. The Red Hat Network Server attempts to authenticate the client. If authentication is
successful, the server then passes back a session token via the chain of RHN Proxy
Servers. This token, which has a signature and expiration, contains user information,
including channel subscriptions, username, etc.
3. Each RHN Proxy Server caches this token on its local file system in
/var/cache/rhn/
. Caching reduces some of the overhead of authenticating with
Red Hat Network Servers and greatly improves the performance of Red Hat
Network.
4. This session token is passed back to the client machine and is used in subsequent
actions on Red Hat Network.
From the client’s point of view, there is no difference between an RHN Proxy Server and
a Red Hat Network Server. From the Red Hat Network Server’s point of view, an RHN
Proxy Server is a special type of RHN client. Clients are thus not affected by the route a
request takes to reach a Red Hat Network Server. All the logic is implemented in the RHN
Proxy Servers and Red Hat Network Servers.