From: Ivo Bellin Salarin <ivo.bellinsalarin@gmail.com>
To: Ivo Bellin Salarin <ivo.bellinsalarin@gmail.com>, git@vger.kernel.org
Subject: Re: GIT, libcurl and GSS-Negotiate
Date: Mon, 5 May 2014 12:21:33 +0200 [thread overview]
Message-ID: <CAPc4eF-aT47aEPmmPPkPRfntTNdNp=c4+OK_CPdq_7YB6rxDug@mail.gmail.com> (raw)
In-Reply-To: <20140426174718.GC238861@vauxhall.crustytoothpaste.net>
Well, I'm on Windows.
using `git version 1.9.2.msysgit.0`.
You can find all the exchanges, recorded with wireshark, of the
following usecases:
* git vanilla (not working),
* VisualStudio2013 with libgit (working)
* curl (--ntlm, working)
* curl (--negotiate, not working)
They're available on
[github](https://github.com/nilleb/my-documents/tree/master/msysgit%23git%2C%20issue-171).
On Sat, Apr 26, 2014 at 7:47 PM, brian m. carlson
<sandals@crustytoothpaste.net> wrote:
> On Thu, Apr 24, 2014 at 07:17:36PM +0200, Ivo Bellin Salarin wrote:
>> To shortly resume it, the problem is that:
>> * when the authentication method (WWW-Authenticate) is Negotiate AND
>> * when the server proposes a NTLMSSP_CHALLENGE in response of the
>> client's NTLMSSP_NEGOTIATE,
>> => libcurl yields an "Authentication problem. Ignoring this.\n"
>> And the communication is closed.
>>
>> At this point, in a normal communication, the client should send a
>> NTLMSSP_AUTH containing a Kerberos ticket.
>>
>> Having seen the libcurl source code, I think we're passing through the
>> lines from 776 to 780 of
>> [http.c](https://github.com/bagder/curl/blob/2e57c7e0fcfb9214b2a9dfa8b3da258ded013b8a/lib/http.c).
>> Some guy, on the github issue page, has suggested that this could be
>> related to an update of libcurl, when git was at its 1.8.2 version.
>>
>> I'm not debugging libcurl, and I can't reproduce this problem @home.
>> So, has somebody already experienced the same problem? Is there a
>> solution?
>
> I'm personally using Git with GSS-Negotiate (and MIT Kerberos 5) and it
> does seem to work correctly for me. For large pushes, your server (and
> any intermediate proxies) will need to support 100 Continue properly, as
> there's simply no other way to make it work.
>
> What version of curl are you using (and what distro if you didn't
> compile it yourself)? Also, can you post output of an attempt to push
> with GIT_CURL_VERBOSE=1?
>
> --
> brian m. carlson / brian with sandals: Houston, Texas, US
> +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
> OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
--
http://www.nilleb.com
next prev parent reply other threads:[~2014-05-06 16:10 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-24 17:17 GIT, libcurl and GSS-Negotiate Ivo Bellin Salarin
2014-04-26 17:47 ` brian m. carlson
2014-05-05 10:21 ` Ivo Bellin Salarin [this message]
2014-05-10 21:01 ` brian m. carlson
2014-05-12 18:01 ` Carlos Martín Nieto
2014-05-12 20:21 ` Jeff King
2014-05-16 22:34 ` brian m. carlson
2014-05-17 6:51 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAPc4eF-aT47aEPmmPPkPRfntTNdNp=c4+OK_CPdq_7YB6rxDug@mail.gmail.com' \
--to=ivo.bellinsalarin@gmail.com \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).