On Tue, Jul 22, 2014 at 10:00:22AM -0700, Junio C Hamano wrote: > "brian m. carlson" <sandals@xxxxxxxxxxxxxxxxxxxx> writes: > > > So git uses libcurl with CURLAUTH_ANY. In order for authentication to > > work with libcurl, you have to supply a username. If you specify it in > > the URL, the libcurl realizes that it can use Kerberos, and goes on its > > merry way. > > > > If you don't specify the username in the URL, git notices that > > authentication has failed, and asks the credential store for a username > > and password. git does not know that a password is not needed, so the > > credential subsystem prompts for one anyway. > > Hmmm, does this hint that we might want to be able to tell the > credential subsystem that it is sufficient to have name without > password, or allow the credential subsystem to say "I am giving you > sufficient information" when it returns only username without > password? Possibly. In the --negotiate documentation of the curl man page, it says: When using this option, you must also provide a fake -u, --user option to activate the authentication code properly. Sending a '-u :' is enough as the user name and password from the -u option aren't actually used. That implies to me that setting an empty value for CURLOPT_USERNAME in git might be sufficient to solve the problem. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
Attachment:
signature.asc
Description: Digital signature