Hi transport experts, This report came in a couple of months ago; I was thinking of trying to reproduce it, but that was silly, since it is way over my head. It seems that some HTTP authentication scheme is not working well in some circumstance. ;-) Ideas?
--- Begin Message ---
- Subject: Re: git-core: please support GSS-Negotiate authentication for http
- From: "brian m. carlson" <sandals@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 28 May 2010 13:55:52 +0000
- Authentication-results: mx.google.com; spf=neutral (google.com: 76.96.62.40 is neither permitted nor denied by best guess record for domain of sandals@xxxxxxxxxxxxxxxxxxxxxxx) smtp.mail=sandals@xxxxxxxxxxxxxxxxxxxxxxx
- Cc: 472073@xxxxxxxxxxxxxxx
- Delivered-to: jrnieder@xxxxxxxxx
- In-reply-to: <20100516114533.GA12282@xxxxxxxxxxxx>
- User-agent: Mutt/1.5.20 (2009-06-14)
On Sun, May 16, 2010 at 06:45:33AM -0500, Jonathan Nieder wrote: > reassign 472073 git git-core/1:1.5.4.4-1 > tags 472073 + upstream > quit > > Hi Brian, > > brian m. carlson wrote: > > > My webserver supports Kerberos 5 and DAV, but for the obvious > > reason, DAV is only allowed with Kerberos (GSS-Negotiate) > > authentication. It would be nice if I could use GSS-Negotiate with > > git, since it is supported by libcurl. > > I do not know how to check this, but could you try with version 1.7.0 > or 1.7.1? The patch v1.7.0-rc0~108^2~2 (Add an option for using any > HTTP authentication scheme, not only basic, 2009-11-27[1]) and its > companion patch v1.7.0-rc0~108^2 (Remove http.authAny[2]) seem > relevant. It doesn't seem to work for me: lakeview no % git push http://bmc@xxxxxxxxxxxxxxxxxxxxxxxxxxx/dump/css.git master Password: Password: error: The requested URL returned error: 401 while accessing http://bmc@xxxxxxxxxxxxxxxxxxxxxxxxxxx/dump/css.git/info/refs error: The requested URL returned error: 401 while accessing http://bmc@xxxxxxxxxxxxxxxxxxxxxxxxxxx/dump/css.git/objects/info/packs Unable to create branch path http://bmc@xxxxxxxxxxxxxxxxxxxxxxxxxxx/dump/css.git/info/ error: cannot lock existing info/refs fatal: git-http-push failed Also, here's part of the log from the web server: 172.16.2.249 - - [28/May/2010:13:44:20 +0000] "GET /dump/css.git/info/refs?service=git-receive-pack HTTP/1.1" 401 720 "-" "git/1.7.1" 172.16.2.249 - - [28/May/2010:13:44:20 +0000] "GET /dump/css.git/info/refs HTTP/1.1" 401 720 "-" "git/1.7.1" 172.16.2.249 - - [28/May/2010:13:44:24 +0000] "GET /dump/css.git/info/refs?service=git-receive-pack HTTP/1.1" 401 720 "-" "git/1.7.1" 172.16.2.249 - bmc@xxxxxxxxxxxxxxxxxxxx [28/May/2010:13:44:24 +0000] "GET /dump/css.git/info/refs?service=git-receive-pack HTTP/1.1" 200 307 "-" "git/1.7.1" 172.16.2.249 - - [28/May/2010:13:44:24 +0000] "GET /dump/css.git/HEAD HTTP/1.1" 401 720 "-" "git/1.7.1" 172.16.2.249 - - [28/May/2010:13:44:25 +0000] "PROPFIND /dump/css.git/ HTTP/1.1" 401 720 "-" "git/1.7.1" 172.16.2.249 - bmc@xxxxxxxxxxxxxxxxxxxx [28/May/2010:13:44:25 +0000] "PROPFIND /dump/css.git/ HTTP/1.1" 207 767 "-" "git/1.7.1" 172.16.2.249 - - [28/May/2010:13:44:25 +0000] "HEAD /dump/css.git/info/refs HTTP/1.1" 401 205 "-" "git/1.7.1" 172.16.2.249 - - [28/May/2010:13:44:25 +0000] "HEAD /dump/css.git/objects/info/packs HTTP/1.1" 401 205 "-" "git/1.7.1" 172.16.2.249 - - [28/May/2010:13:44:25 +0000] "MKCOL /dump/css.git/info/ HTTP/1.1" 401 720 "-" "git/1.7.1" Notice that only for certain requests does git use authentication. It needs to use authentication for every request, since access to /dump/ is only allowed to valid users using Kerberos (for all requests). Also note that git prompts for a password when one is not needed; this is probably part of the curl bug noted in the manpage: When using this option, you must also provide a fake -u/--user option to activate the authentication code properly. Sending a '-u :' is enough as the user name and password from the -u option aren't actually used. Using "bmc:@" instead of "bmc@" in the URI makes no difference. If you need me to do more testing, please let me know. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187Attachment: signature.asc
Description: Digital signature
--- End Message ---