Re: Git + mod_auth_kerb

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jul 22, 2014 at 10:00:22AM -0700, Junio C Hamano wrote:
> "brian m. carlson" <sandals@xxxxxxxxxxxxxxxxxxxx> writes:
> 
> > So git uses libcurl with CURLAUTH_ANY.  In order for authentication to
> > work with libcurl, you have to supply a username.  If you specify it in
> > the URL, the libcurl realizes that it can use Kerberos, and goes on its
> > merry way.
> >
> > If you don't specify the username in the URL, git notices that
> > authentication has failed, and asks the credential store for a username
> > and password.  git does not know that a password is not needed, so the
> > credential subsystem prompts for one anyway.
> 
> Hmmm, does this hint that we might want to be able to tell the
> credential subsystem that it is sufficient to have name without
> password, or allow the credential subsystem to say "I am giving you
> sufficient information" when it returns only username without
> password?

Possibly.  In the --negotiate documentation of the curl man page, it
says:

  When using this option, you must also provide a fake -u, --user option
  to activate the authentication code properly. Sending a '-u :' is
  enough as the user name and password from the -u option aren't
  actually used.

That implies to me that setting an empty value for CURLOPT_USERNAME in
git might be sufficient to solve the problem.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

Attachment: signature.asc
Description: Digital signature


[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]