git-http-backend auth via Kerberos

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I am trying to get http://git-scm.com/docs/git-http-backend to auth via Kerberos.

I have success when a Kerberos ticket is present.

I am trying to get git to authenticate with Kerberos when a ticket is not present.

Here is what succeeds with a ticket:

<Location /git>
  SSLOptions +StdenvVars
  Options +ExecCGI +FollowSymLinks +SymLinksIfOwnerMatch

    # By default, allow access to anyone.
    Order allow,deny
    Allow from All

    # Enable Kerberos authentication using mod_auth_kerb.
    AuthType Kerberos
    AuthName “us.example.com"
    KrbAuthRealm us.example.com
    Krb5KeyTab /usr/local/etc/apache22/repo-test.keytab
    KrbMethodNegotiate on
    KrbSaveCredentials on
    KrbVerifyKDC on
    KrbServiceName Any
    Require valid-user
</Location>

This is what happens without a valid ticket:

$ git clone https://us.example.com/git/clamav-bytecode-compiler
Cloning into 'clamav-bytecode-compiler'...
Username for 'https://us.example.com': dan
Password for 'https://dan@xxxxxxxxxxxxxx': 
fatal: Authentication failed for 'https://us.example.com/git/clamav-bytecode-compiler/'

Of note, I see this in the Apache logs:

Thu Dec 18 16:43:35 2014] [debug] src/mod_auth_kerb.c(1749): [client 10.7.69.10] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos

Ideas?  Suggestions?  Hints?  Thanks.

— 
Dan Langille
Infrastructure & Operations
Talos Group
Sourcefire, Inc.

��.n��������+%������w��{.n��������n�r������&��z�ޗ�zf���h���~����������_��+v���)ߣ�
[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]