On Sun, May 16, 2010 at 06:45:33AM -0500, Jonathan Nieder wrote:
> reassign 472073 git git-core/1:1.5.4.4-1
> tags 472073 + upstream
> quit
> 
> Hi Brian,
> 
> brian m. carlson wrote:
> 
> > My webserver supports Kerberos 5 and DAV, but for the obvious
> > reason, DAV is only allowed with Kerberos (GSS-Negotiate)
> > authentication.  It would be nice if I could use GSS-Negotiate with
> > git, since it is supported by libcurl.
> 
> I do not know how to check this, but could you try with version 1.7.0
> or 1.7.1?  The patch v1.7.0-rc0~108^2~2 (Add an option for using any
> HTTP authentication scheme, not only basic, 2009-11-27[1]) and its
> companion patch v1.7.0-rc0~108^2 (Remove http.authAny[2]) seem
> relevant.

It doesn't seem to work for me:

  lakeview no % git push http://[email protected]/dump/css.git 
master
  Password: 
  Password: 
  error: The requested URL returned error: 401 while accessing 
http://[email protected]/dump/css.git/info/refs
  
  error: The requested URL returned error: 401 while accessing 
http://[email protected]/dump/css.git/objects/info/packs
  
  Unable to create branch path 
http://[email protected]/dump/css.git/info/
  error: cannot lock existing info/refs
  fatal: git-http-push failed

Also, here's part of the log from the web server:

  172.16.2.249 - - [28/May/2010:13:44:20 +0000] "GET 
/dump/css.git/info/refs?service=git-receive-pack HTTP/1.1" 401 720 "-" 
"git/1.7.1"
  172.16.2.249 - - [28/May/2010:13:44:20 +0000] "GET /dump/css.git/info/refs 
HTTP/1.1" 401 720 "-" "git/1.7.1"
  172.16.2.249 - - [28/May/2010:13:44:24 +0000] "GET 
/dump/css.git/info/refs?service=git-receive-pack HTTP/1.1" 401 720 "-" 
"git/1.7.1"
  172.16.2.249 - [email protected] [28/May/2010:13:44:24 +0000] "GET 
/dump/css.git/info/refs?service=git-receive-pack HTTP/1.1" 200 307 "-" 
"git/1.7.1"
  172.16.2.249 - - [28/May/2010:13:44:24 +0000] "GET /dump/css.git/HEAD 
HTTP/1.1" 401 720 "-" "git/1.7.1"
  172.16.2.249 - - [28/May/2010:13:44:25 +0000] "PROPFIND /dump/css.git/ 
HTTP/1.1" 401 720 "-" "git/1.7.1"
  172.16.2.249 - [email protected] [28/May/2010:13:44:25 +0000] 
"PROPFIND /dump/css.git/ HTTP/1.1" 207 767 "-" "git/1.7.1"
  172.16.2.249 - - [28/May/2010:13:44:25 +0000] "HEAD /dump/css.git/info/refs 
HTTP/1.1" 401 205 "-" "git/1.7.1"
  172.16.2.249 - - [28/May/2010:13:44:25 +0000] "HEAD 
/dump/css.git/objects/info/packs HTTP/1.1" 401 205 "-" "git/1.7.1"
  172.16.2.249 - - [28/May/2010:13:44:25 +0000] "MKCOL /dump/css.git/info/ 
HTTP/1.1" 401 720 "-" "git/1.7.1"

Notice that only for certain requests does git use authentication.  It
needs to use authentication for every request, since access to /dump/ is
only allowed to valid users using Kerberos (for all requests).

Also note that git prompts for a password when one is not needed; this
is probably part of the curl bug noted in the manpage:

  When using this option, you must also provide a fake -u/--user option
  to activate the authentication code properly. Sending a '-u :' is
  enough as the user name and password from the -u option aren't
  actually used.

Using "bmc:@" instead of "bmc@" in the URI makes no difference.  If you
need me to do more testing, please let me know.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

Attachment: signature.asc
Description: Digital signature

Reply via email to