On Mon, May 05, 2014 at 12:21:33PM +0200, Ivo Bellin Salarin wrote:
> Well, I'm on Windows.
> using `git version 1.9.2.msysgit.0`.
> 
> You can find all the exchanges, recorded with wireshark, of the
> following usecases:
> * git vanilla (not working),
> * VisualStudio2013 with libgit (working)
> * curl (--ntlm, working)
> * curl (--negotiate, not working)

Okay, so what it looks like is that for some reason, the server and
libcurl refuse to connect with Negotiate authentication.  git uses
CURLAUTH_ANY, and libcurl picks the best choice: Negotiate.  The
difference between your setup and mine is that I'm using Negotiate with
Kerberos 5, and you're using Negotiate with NTLM.

What it looks like is happening is that git is offering Negotiate data,
and then your server is responding with a 401 Unauthorized.  libgit2
(presumably using WinHTTP) continues in this case, retrying with a
longer set of credential containing more data, but git gives up.

Both responses comply with RFC 2616, by my reading.  I guess there are a
couple of choices here:

* Make your web server happy with the data that it gets passed
  initially.
* Make git understand that it really needs to try again with different
  credentials in this case (how to do that is unknown).
* Provide some way of forcing git to use a particular authentication
  protocol.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

Attachment: signature.asc
Description: Digital signature

Reply via email to