On Fri, Feb 05, 2016 at 12:18:22PM +0300, Dmitry Vilkov wrote: > You are right, we are using a bare URL (without a username component). > With username encoded in URL everything works just fine. But it's > generally wrong to pass creds in URL (in my opinion) and security > policy of my employer prohibits doing such thing. > Anyway, as you said libcurl needs valid (not NULL) username/password > to do GSS-Negotiate, so there is nothing wrong if I set empty > username/password combination when git prompts for creds. Even more, > there is no other way to let libcurl to use GSS-Negotiate without > username in URL. You can literally do https://:@git.crustytoothpaste.net/git/repo.git as the URL, and that will work. GSS-Negotiate using Kerberos passes the ticket, which contains the principal name in it, so an actual username and password is not needed at all. libcurl just needs something to tell it to do authentication. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | https://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
Attachment:
signature.asc
Description: PGP signature