From: Jean-Francois Bouchard <jfbouchard@accedian.com>
To: git <git@vger.kernel.org>
Subject: Git + mod_auth_kerb
Date: Mon, 21 Jul 2014 17:06:50 -0400 [thread overview]
Message-ID: <CAPYmS35cgcEOfKvT17tULYyxL5GgXBavkD6anhV6yJtdoXVE9Q@mail.gmail.com> (raw)
Hello,
We are currently working on a single sign on setup for our git install. We are
using git 2.0.2 (ubuntu) plus apache/2.2.22 mod_auth_kerb on the
server side. Here some scenario we are trying to accomplish :
-Without Kerberos ticket stored.
Git ask for username/password.
Result = Authentication failed
-Kerberos ticket in store and BAD password :
Git ask for username/password.
Result = Authentication failed
-Kerberos ticket in Store entering good password :
Git ask for username/password.
Result = Authentication failed on some host, other works
-Kerberos ticket in Store and embedding the username in the URI (aka
https://username@repo)
Git don't ask for anything or ask for password
Result = Works on some host, other request the password. (Will fail if
the kerberos ticket not in store)
This is a very strange behaviour. It seems to be cause by the way
libcurl and git interact and the way the authentication goes
(Negociate first, then basic auth). I have tried to use the helper to
store invalid authentication information. With not much success.
Any idea ?
Thanks,
JF
--
Avis de confidentialité
Les informations contenues dans le présent message et dans toute pièce qui
lui est jointe sont confidentielles et peuvent être protégées par le secret
professionnel. Ces informations sont à l’usage exclusif de son ou de ses
destinataires. Si vous recevez ce message par erreur, veuillez s’il vous
plait communiquer immédiatement avec l’expéditeur et en détruire tout
exemplaire. De plus, il vous est strictement interdit de le divulguer, de
le distribuer ou de le reproduire sans l’autorisation de l’expéditeur.
Merci.
Confidentiality notice
This e-mail message and any attachment hereto contain confidential
information which may be privileged and which is intended for the exclusive
use of its addressee(s). If you receive this message in error, please
inform sender immediately and destroy any copy thereof. Furthermore, any
disclosure, distribution or copying of this message and/or any attachment
hereto without the consent of the sender is strictly prohibited. Thank you.
next reply other threads:[~2014-07-21 21:06 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-21 21:06 Jean-Francois Bouchard [this message]
2014-07-21 23:17 ` Git + mod_auth_kerb brian m. carlson
2014-07-22 16:41 ` Jean-Francois Bouchard
2014-07-23 1:59 ` brian m. carlson
2014-07-22 17:00 ` Junio C Hamano
2014-07-22 23:32 ` brian m. carlson
2014-07-26 20:57 ` brian m. carlson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAPYmS35cgcEOfKvT17tULYyxL5GgXBavkD6anhV6yJtdoXVE9Q@mail.gmail.com \
--to=jfbouchard@accedian.com \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).