Re: [PATCH] http: http.emptyauth should allow empty (not just NULL) usernames

On Mon, Oct 03, 2016 at 09:54:19PM +0000, David Turner wrote:
> 
> > I dunno. The code path you are changing _only_ affects anything if the
> > http.emptyauth config is set. But I guess I just don't understand why you
> > would say "http://@gitserver" in the first place. Is that a common thing?
> > 
> > -Peff
> 
> I have no idea if it is common.  I know that we do it.

I've never seen this.  RFC 3986 does seem to allow it:

  authority   = [ userinfo "@" ] host [ ":" port ]
  userinfo    = *( unreserved / pct-encoded / sub-delims / ":" )

I normally write it like one of these:

  https://bmc@xxxxxxxxxxxxxxxxxxxxxxxx/
  https://:@git.crustytoothpaste.net/

Of course, the username is ignored in the first one, but it serves a
documentary purpose for me.

> The reason we have a required-to-be-blank username/password is
> apparently Kerberos (or something about our particular Kerberos
> configuration), which I treat as inscrutable black magic.

The issue with git is usually that it uses libcurl, which won't do
authentication unless it has a username or password, even if those are
empty or ignored.  http.emptyAuth was designed for this case.

With Kerberos (at least in my experience), the username doesn't actually
get sent, since you send only ticket-related information over the
channel, and that has your principal name embedded.
-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: https://keybase.io/bk2204
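
The difference between an absent userinfo and an empty username under the RFC 3986 grammar quoted above, as an added example that is not part of the original message and is not git's or libcurl's code. The function name, the enum names and the example.test hosts are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names: what the userinfo part of the authority looks like. */
enum userinfo_kind {
	USERINFO_ABSENT, /* no "@" in the authority: username would be NULL */
	USERNAME_EMPTY,  /* "@host" or ":@host": username is present but "" */
	USERNAME_SET     /* "user@host" or "user:pass@host" */
};

/*
 * Classify per RFC 3986: authority = [ userinfo "@" ] host [ ":" port ].
 * The authority ends at the first "/", "?" or "#", so an "@" that appears
 * later in the path or query does not delimit userinfo.
 */
enum userinfo_kind classify_userinfo(const char *url)
{
	const char *auth = strstr(url, "://");
	size_t auth_len;

	if (!auth)
		return USERINFO_ABSENT;
	auth += 3;
	auth_len = strcspn(auth, "/?#");
	if (!memchr(auth, '@', auth_len))
		return USERINFO_ABSENT;
	/* The username ends at the first ":" or at the "@" itself. */
	return strcspn(auth, ":@") == 0 ? USERNAME_EMPTY : USERNAME_SET;
}

int main(void)
{
	/* Constructed sample URLs; example.test hosts are placeholders. */
	static const char *const urls[] = {
		"http://@gitserver",
		"https://:@git.example.test/",
		"https://bmc@git.example.test/",
		"https://git.example.test:8443/repo.git",
		"https://git.example.test/repo@v1",
	};
	static const char *const names[] = { "absent", "empty", "set" };
	size_t i;

	for (i = 0; i < sizeof(urls) / sizeof(urls[0]); i++)
		printf("%-40s %s\n", urls[i], names[classify_userinfo(urls[i])]);
	return 0;
}
```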
