On Sun, May 16, 2010 at 06:45:33AM -0500, Jonathan Nieder wrote: > reassign 472073 git git-core/1:1.5.4.4-1 > tags 472073 + upstream > quit > > Hi Brian, > > brian m. carlson wrote: > > > My webserver supports Kerberos 5 and DAV, but for the obvious > > reason, DAV is only allowed with Kerberos (GSS-Negotiate) > > authentication. It would be nice if I could use GSS-Negotiate with > > git, since it is supported by libcurl. > > I do not know how to check this, but could you try with version 1.7.0 > or 1.7.1? The patch v1.7.0-rc0~108^2~2 (Add an option for using any > HTTP authentication scheme, not only basic, 2009-11-27[1]) and its > companion patch v1.7.0-rc0~108^2 (Remove http.authAny[2]) seem > relevant.
It doesn't seem to work for me: lakeview no % git push http://[email protected]/dump/css.git master Password: Password: error: The requested URL returned error: 401 while accessing http://[email protected]/dump/css.git/info/refs error: The requested URL returned error: 401 while accessing http://[email protected]/dump/css.git/objects/info/packs Unable to create branch path http://[email protected]/dump/css.git/info/ error: cannot lock existing info/refs fatal: git-http-push failed Also, here's part of the log from the web server: 172.16.2.249 - - [28/May/2010:13:44:20 +0000] "GET /dump/css.git/info/refs?service=git-receive-pack HTTP/1.1" 401 720 "-" "git/1.7.1" 172.16.2.249 - - [28/May/2010:13:44:20 +0000] "GET /dump/css.git/info/refs HTTP/1.1" 401 720 "-" "git/1.7.1" 172.16.2.249 - - [28/May/2010:13:44:24 +0000] "GET /dump/css.git/info/refs?service=git-receive-pack HTTP/1.1" 401 720 "-" "git/1.7.1" 172.16.2.249 - [email protected] [28/May/2010:13:44:24 +0000] "GET /dump/css.git/info/refs?service=git-receive-pack HTTP/1.1" 200 307 "-" "git/1.7.1" 172.16.2.249 - - [28/May/2010:13:44:24 +0000] "GET /dump/css.git/HEAD HTTP/1.1" 401 720 "-" "git/1.7.1" 172.16.2.249 - - [28/May/2010:13:44:25 +0000] "PROPFIND /dump/css.git/ HTTP/1.1" 401 720 "-" "git/1.7.1" 172.16.2.249 - [email protected] [28/May/2010:13:44:25 +0000] "PROPFIND /dump/css.git/ HTTP/1.1" 207 767 "-" "git/1.7.1" 172.16.2.249 - - [28/May/2010:13:44:25 +0000] "HEAD /dump/css.git/info/refs HTTP/1.1" 401 205 "-" "git/1.7.1" 172.16.2.249 - - [28/May/2010:13:44:25 +0000] "HEAD /dump/css.git/objects/info/packs HTTP/1.1" 401 205 "-" "git/1.7.1" 172.16.2.249 - - [28/May/2010:13:44:25 +0000] "MKCOL /dump/css.git/info/ HTTP/1.1" 401 720 "-" "git/1.7.1" Notice that only for certain requests does git use authentication. It needs to use authentication for every request, since access to /dump/ is only allowed to valid users using Kerberos (for all requests). Also note that git prompts for a password when one is not needed; this is probably part of the curl bug noted in the manpage: When using this option, you must also provide a fake -u/--user option to activate the authentication code properly. Sending a '-u :' is enough as the user name and password from the -u option aren't actually used. Using "bmc:@" instead of "bmc@" in the URI makes no difference. If you need me to do more testing, please let me know. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
signature.asc
Description: Digital signature

