From: Jonathan Nieder <jrnieder@gmail.com>
To: git@vger.kernel.org
Cc: "Shawn O. Pearce" <spearce@spearce.org>,
Scott Chacon <schacon@gmail.com>,
Ilari Liusvaara <ilari.liusvaara@elisanet.fi>,
Martin Storsjo <martin@martin.st>,
Tay Ray Chuan <rctay89@gmail.com>,
"brian m. carlson" <sandals@crustytoothpaste.ath.cx>
Subject: Re: git-core: please support GSS-Negotiate authentication for http
Date: Sat, 24 Jul 2010 21:39:31 -0500 [thread overview]
Message-ID: <20100725023930.GC18606@burratino> (raw)
[-- Attachment #1: Type: text/plain, Size: 260 bytes --]
Hi transport experts,
This report came in a couple of months ago; I was thinking of trying
to reproduce it, but that was silly, since it is way over my head. It
seems that some HTTP authentication scheme is not working well in some
circumstance. ;-)
Ideas?
[-- Attachment #2: Type: message/rfc822, Size: 7027 bytes --]
[-- Attachment #2.1.1: Type: text/plain, Size: 3522 bytes --]
On Sun, May 16, 2010 at 06:45:33AM -0500, Jonathan Nieder wrote:
> reassign 472073 git git-core/1:1.5.4.4-1
> tags 472073 + upstream
> quit
>
> Hi Brian,
>
> brian m. carlson wrote:
>
> > My webserver supports Kerberos 5 and DAV, but for the obvious
> > reason, DAV is only allowed with Kerberos (GSS-Negotiate)
> > authentication. It would be nice if I could use GSS-Negotiate with
> > git, since it is supported by libcurl.
>
> I do not know how to check this, but could you try with version 1.7.0
> or 1.7.1? The patch v1.7.0-rc0~108^2~2 (Add an option for using any
> HTTP authentication scheme, not only basic, 2009-11-27[1]) and its
> companion patch v1.7.0-rc0~108^2 (Remove http.authAny[2]) seem
> relevant.
It doesn't seem to work for me:
lakeview no % git push http://bmc@castro.crustytoothpaste.net/dump/css.git master
Password:
Password:
error: The requested URL returned error: 401 while accessing http://bmc@castro.crustytoothpaste.net/dump/css.git/info/refs
error: The requested URL returned error: 401 while accessing http://bmc@castro.crustytoothpaste.net/dump/css.git/objects/info/packs
Unable to create branch path http://bmc@castro.crustytoothpaste.net/dump/css.git/info/
error: cannot lock existing info/refs
fatal: git-http-push failed
Also, here's part of the log from the web server:
172.16.2.249 - - [28/May/2010:13:44:20 +0000] "GET /dump/css.git/info/refs?service=git-receive-pack HTTP/1.1" 401 720 "-" "git/1.7.1"
172.16.2.249 - - [28/May/2010:13:44:20 +0000] "GET /dump/css.git/info/refs HTTP/1.1" 401 720 "-" "git/1.7.1"
172.16.2.249 - - [28/May/2010:13:44:24 +0000] "GET /dump/css.git/info/refs?service=git-receive-pack HTTP/1.1" 401 720 "-" "git/1.7.1"
172.16.2.249 - bmc@CRUSTYTOOTHPASTE.NET [28/May/2010:13:44:24 +0000] "GET /dump/css.git/info/refs?service=git-receive-pack HTTP/1.1" 200 307 "-" "git/1.7.1"
172.16.2.249 - - [28/May/2010:13:44:24 +0000] "GET /dump/css.git/HEAD HTTP/1.1" 401 720 "-" "git/1.7.1"
172.16.2.249 - - [28/May/2010:13:44:25 +0000] "PROPFIND /dump/css.git/ HTTP/1.1" 401 720 "-" "git/1.7.1"
172.16.2.249 - bmc@CRUSTYTOOTHPASTE.NET [28/May/2010:13:44:25 +0000] "PROPFIND /dump/css.git/ HTTP/1.1" 207 767 "-" "git/1.7.1"
172.16.2.249 - - [28/May/2010:13:44:25 +0000] "HEAD /dump/css.git/info/refs HTTP/1.1" 401 205 "-" "git/1.7.1"
172.16.2.249 - - [28/May/2010:13:44:25 +0000] "HEAD /dump/css.git/objects/info/packs HTTP/1.1" 401 205 "-" "git/1.7.1"
172.16.2.249 - - [28/May/2010:13:44:25 +0000] "MKCOL /dump/css.git/info/ HTTP/1.1" 401 720 "-" "git/1.7.1"
Notice that only for certain requests does git use authentication. It
needs to use authentication for every request, since access to /dump/ is
only allowed to valid users using Kerberos (for all requests).
Also note that git prompts for a password when one is not needed; this
is probably part of the curl bug noted in the manpage:
When using this option, you must also provide a fake -u/--user option
to activate the authentication code properly. Sending a '-u :' is
enough as the user name and password from the -u option aren't
actually used.
Using "bmc:@" instead of "bmc@" in the URI makes no difference. If you
need me to do more testing, please let me know.
--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
[-- Attachment #2.1.2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]
reply other threads:[~2010-07-25 2:40 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100725023930.GC18606@burratino \
--to=jrnieder@gmail.com \
--cc=git@vger.kernel.org \
--cc=ilari.liusvaara@elisanet.fi \
--cc=martin@martin.st \
--cc=rctay89@gmail.com \
--cc=sandals@crustytoothpaste.ath.cx \
--cc=schacon@gmail.com \
--cc=spearce@spearce.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).