How do you script linux GIT client to pass kerberos credential to apache enabled GIT server?

git@vger.kernel.org mailing list mirror (one of many)
 help / color / mirror / code / Atom feed

* How do you script linux GIT client to pass kerberos credential to apache enabled GIT server?
@ 2017-04-03 16:04 ken edward
  2017-04-03 16:20 ` Randall S. Becker
  2017-04-04 10:12 ` Mantas Mikulėnas
  0 siblings, 2 replies; 3+ messages in thread
From: ken edward @ 2017-04-03 16:04 UTC (permalink / raw)
  To: git

Hello,

I have my git repositories behind an apache server configured with
kerberos. Works fine if the user is logged in on their workstation.
Apache gets the kerberos credential, and validates, and  then sends
the GIT repo being requested.

BUT, I want to write a script on linux that will also pass the
kerberos credential to the apache GIT server without having any
manually intervention. Seems I would create a kerberos keytab for the
principal and then use that to authenticate.... kinit supports
authenticating from a keytab using the -k -t <keytab-path> options,
but has anyone done this?

Keith

^ permalink raw reply	[flat|nested] 3+ messages in thread

* RE: How do you script linux GIT client to pass kerberos credential to apache enabled GIT server?
  2017-04-03 16:04 How do you script linux GIT client to pass kerberos credential to apache enabled GIT server? ken edward
@ 2017-04-03 16:20 ` Randall S. Becker
  2017-04-04 10:12 ` Mantas Mikulėnas
  1 sibling, 0 replies; 3+ messages in thread
From: Randall S. Becker @ 2017-04-03 16:20 UTC (permalink / raw)
  To: 'ken edward', git

-----Original Message-----
On April 3, 2017 12:04 PM, Ken Edward Wrote:
>I have my git repositories behind an apache server configured with kerberos. Works fine if the user is logged in on their workstation.
>Apache gets the kerberos credential, and validates, and  then sends the GIT repo being requested.
>BUT, I want to write a script on linux that will also pass the kerberos credential to the apache GIT server without having any manually intervention. Seems I would create a kerberos keytab for the principal and then use that to >authenticate.... kinit supports authenticating from a keytab using the -k -t <keytab-path> options, but has anyone done this?

Have you attempted prototyping this using curl? It might be able to help out a bit. I have done this in the past with Stash and their REST and credentials, but not using Kerberos. Just a thought.
Cheers,

Randall

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: How do you script linux GIT client to pass kerberos credential to apache enabled GIT server?
  2017-04-03 16:04 How do you script linux GIT client to pass kerberos credential to apache enabled GIT server? ken edward
  2017-04-03 16:20 ` Randall S. Becker
@ 2017-04-04 10:12 ` Mantas Mikulėnas
  1 sibling, 0 replies; 3+ messages in thread
From: Mantas Mikulėnas @ 2017-04-04 10:12 UTC (permalink / raw)
  To: ken edward, git

On 2017-04-03 19:04, ken edward wrote:
> Hello,
> 
> I have my git repositories behind an apache server configured with
> kerberos. Works fine if the user is logged in on their workstation.
> Apache gets the kerberos credential, and validates, and  then sends
> the GIT repo being requested.
> 
> BUT, I want to write a script on linux that will also pass the
> kerberos credential to the apache GIT server without having any
> manually intervention. Seems I would create a kerberos keytab for the
> principal and then use that to authenticate.... kinit supports
> authenticating from a keytab using the -k -t <keytab-path> options,

kinit works, but I think kstart [1] is commonly used for this as well;
takes care of automatic ticket renewal.

ktutil should be able to create a keytab based on your password, but
I've had mixed luck with that. Though still probably easier than
creating a separate instance just for batch tasks...

[1]: https://www.eyrie.org/~eagle/software/kstart/

-- 
Mantas Mikulėnas <grawity@gmail.com>

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2017-04-04 10:13 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-04-03 16:04 How do you script linux GIT client to pass kerberos credential to apache enabled GIT server? ken edward
2017-04-03 16:20 ` Randall S. Becker
2017-04-04 10:12 ` Mantas Mikulėnas

Code repositories for project(s) associated with this public inbox

	https://80x24.org/mirrors/git.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).