Hi, I wonder if I've hit a bug in git, or perhaps in libcurl. Our team that use git repos hosted on a number of different environments, including HTTP servers using Kerberos or NTLM to authenticate users. Command-line git needs explicit credentials to work against these repos, while Visual Studio (i.e. libgit2) does not. The other day I noticed that when I give null credentials (i.e. empty username and password) normal command-line git works beautifully, authenticating as the currently signed-in user. I digged around a bit and found a potential bug in how libcurl is used; when using CURLAUTH_ANY, no handshaking will actually be done unless a user name is specified - even if it's a fake one. This is consistent with the documentation for curl itself, http://curl.haxx.se/docs/manpage.html#--negotiate , however I see no mention of this quirk in the libcurl API documentation. The fix I'm using locally is quite straightforward: diff --git a/http.c b/http.c index 9dce380..f62f6b6 100644 --- a/http.c +++ b/http.c @@ -668,6 +668,10 @@ struct active_request_slot *get_active_slot(void) #endif if (http_auth.password) init_curl_http_auth(slot->curl); +#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY + else + curl_easy_setopt(slot->curl, CURLOPT_USERNAME, ""); +#endif return slot; } As far as I can tell this works fine against NTLM and Kerberos HTTP servers, and has no effect on servers allowing anonymous access. Against a server using Basic authentication the patch will cause git to fire off a redundant 'GET' with the empty username before asking the user for credentials. I'm not sure if that could cause problems for other users, I would expect that anyone working against a server with Basic authentication uses stored credentials anyway :-) But perhaps there is some other case I've not considered? // Christoffer -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html