Currently repoman cannot access HTTP server that use kerberos at all, instead, it gets and ignores 401 errors from them.
We should enable repoman to negotiate kerberos authentication with HTTP servers that require it and use credentials from the Kerberos credentials cache if available.
can you more info on this? is it still needed in downstream?
Our main issue was getting packages from a Kerberized Jenkins instance. We worked around it, by making anonymous access be allowed without Kerberous, but there is no guarantee that any file server or jenkins instance we'll need to work with in the future woudl be as configurable as the Jenkins instance we were using was.
Since repoman is using the 'requests' library where doing things like Kerberos is probably quite simple, I'd regard this ticket as a low-hanging fruit and keep it around.