On Mon, Jan 05, 2015 at 09:23:32PM +0000, Dan Langille (dalangil) wrote:
I have tried both patches. Neither succeeds here. I patched git version 2.2.1 but I don’t think that affects this.
You are patching the client side, correct? That's the side that needs patching here.
Just so the list knows, I will be sending a reroll to the existing patch, but the patches I've posted do indeed work in my testing.
Before I flood the list with debug runs, I wanted to make sure I was testing with an appropriate configuration:<Location /git> SSLOptions +StdenvVars Options +ExecCGI +FollowSymLinks +SymLinksIfOwnerMatch # By default, allow access to anyone. Order allow,deny Allow from All # Enable Kerberos authentication using mod_auth_kerb. AuthType Kerberos AuthName “us.example.org" KrbAuthRealms us.example.org # I have tried both with and without the following line: KrbServiceName HTTP/us.example.org Krb5Keytab /usr/local/etc/apache22/repo-test.keytab KrbMethodNegotiate on KrbSaveCredentials on KrbVerifyKDC on KrbServiceName Any # I have tried with and without this line: KrbMethodk5Passwd on Require valid-user </Location>
I'm not sure why it's not working for you. Here's a snippet from my config:
SetEnv GIT_HTTP_EXPORT_ALL 1 SetEnv REMOTE_USER $REDIRECT_REMOTE_USER AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate on KrbMethodK5Passwd off KrbAuthRealms CRUSTYTOOTHPASTE.NET Krb5Keytab /etc/krb5.apache.keytabWhen I was testing, I set KrbMethodK5Passwd to on and it did in fact work. I'm using Debian's Apache 2.4.10-9 with mod_auth_kerb 5.4-2.2.
-- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
Attachment:
signature.asc
Description: Digital signature