I am trying to get http://git-scm.com/docs/git-http-backend to auth via
Kerberos.
I have success when a Kerberos ticket is present.
I am trying to get git to authenticate with Kerberos when a ticket is not
present.
Here is what succeeds with a ticket:
<Location /git>
SSLOptions +StdenvVars
Options +ExecCGI +FollowSymLinks +SymLinksIfOwnerMatch
# By default, allow access to anyone.
Order allow,deny
Allow from All
# Enable Kerberos authentication using mod_auth_kerb.
AuthType Kerberos
AuthName “us.example.com"
KrbAuthRealm us.example.com
Krb5KeyTab /usr/local/etc/apache22/repo-test.keytab
KrbMethodNegotiate on
KrbSaveCredentials on
KrbVerifyKDC on
KrbServiceName Any
Require valid-user
</Location>
This is what happens without a valid ticket:
$ git clone https://us.example.com/git/clamav-bytecode-compiler
Cloning into 'clamav-bytecode-compiler'...
Username for 'https://us.example.com': dan
Password for 'https://d...@us.example.com':
fatal: Authentication failed for
'https://us.example.com/git/clamav-bytecode-compiler/'
Of note, I see this in the Apache logs:
Thu Dec 18 16:43:35 2014] [debug] src/mod_auth_kerb.c(1749): [client
10.7.69.10] kerb_authenticate_user entered with user (NULL) and auth_type
Kerberos
Ideas? Suggestions? Hints? Thanks.
—
Dan Langille
Infrastructure & Operations
Talos Group
Sourcefire, Inc.
N�����r��y����b�X��ǧv�^�){.n�+����ا����ܨ}���Ơz�&j:+v��������zZ+��+zf���h���~����i���z���w���?�����&�)ߢ�f
