On Wed, Sep 28, 2016 at 08:01:34PM +0200, Petr Stodulka wrote: > Delegation of credentials is disabled by default in libcurl since > version 7.21.7 due to security vulnerability CVE-2011-2192. Which > makes troubles with GSS/kerberos authentication when delegation > of credentials is required. This can be changed with option > CURLOPT_GSSAPI_DELEGATION in libcurl with set expected parameter > since libcurl version 7.22.0. > > This patch provides new configuration variable http.delegation > which corresponds to curl parameter "--delegation" (see man 1 curl). > > The following values are supported: > > * none (default). > * policy > * always I don't personally use Kerberos delegation with Git, but I don't see any problems with this patch. It preserves the security properties of the current behavior, and I think adding "policy" as an option to allow per-realm configuration is a good idea. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | https://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: https://keybase.io/bk2204
Attachment:
signature.asc
Description: PGP signature