On Sat, Dec 27, 2014 at 09:09:36PM +0000, brian m. carlson wrote: > > I'm not familiar enough with Negotiate auth to do give a thorough review > > on the logic above. But FWIW, it makes sense to me, and the code looks > > correct. > > libcurl will try very hard to use something other than Basic auth, even > over HTTPS. If Basic and something else are offered, libcurl will never > use Basic. I should probably make a note of that in the commit message. Thanks, that does help explain things (to me, anyway). The thing I am not sure of in your explanation is: >>> since if they failed the first time, they will never succeed Are there other GSSAPI methods where this is not the case? I don't know of any, and AFAICT git's support is used only for Kerberos, so this is probably safe for now. If somebody can produce a concrete case that behaves differently, we can untangle it then. -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html