On Mon, Oct 03, 2016 at 09:54:19PM +0000, David Turner wrote: > > > I dunno. The code path you are changing _only_ affects anything if the > > http.emptyauth config is set. But I guess I just don't understand why you > > would say "http://@gitserver" in the first place. Is that a common thing? > > > > -Peff > > I have no idea if it is common. I know that we do it. I've never seen this. RFC 3986 does seem to allow it: authority = [ userinfo "@" ] host [ ":" port ] userinfo = *( unreserved / pct-encoded / sub-delims / ":" ) I normally write it like one of these: https://bmc@xxxxxxxxxxxxxxxxxxxxxxxx/ https://:@git.crustytoothpaste.net/ Of course, the username is ignored in the first one, but it serves a documentary purpose for me. > The reason we have a required-to-be-blank username/password is > apparently Kerberos (or something about our particular Kerberos > configuration), which I treat as inscrutable black magic. The issue with git is usually that it uses libcurl, which won't do authentication unless it has a username or password, even if those are empty or ignored. http.emptyAuth was designed for this case. With Kerberos (at least in my experience), the username doesn't actually get sent, since you send only ticket-related information over the channel, and that has your principal name embedded. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | https://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: https://keybase.io/bk2204
Attachment:
signature.asc
Description: PGP signature