Re: [RFC PATCH 3/3] Allow empty user name in HTTP authentication

On 2022-05-13 at 07:04:16, Simon.Richter@xxxxxxxxxx wrote:
> From: Simon Richter <Simon.Richter@xxxxxxxxxx>
> 
> When using a Personal Access Token in Microsoft DevOps server, the username
> can be empty, so users might expect that pressing return on a username
> prompt will work.

I don't think this is a good idea.  libcurl relies on CURLOPT_USERPWD
being set to enable authentication, and before the appearance of
http.emptyAuth, it was extremely common for Kerberos users to specify an
empty username to get Git to authenticate properly.  I probably still
have some repositories on my system configured that way.

I believe GitHub can also accept an empty username with a PAT, but it
can also accept a dummy (e.g., "token"), which I would hope Azure DevOps
can do as well.  In such a case, the documentation for Azure DevOps
should just be updated to tell people to specify something like "token"
or their username.
-- 
brian m. carlson (he/him or they/them)
Toronto, Ontario, CA
