Re: How do you script linux GIT client to pass kerberos credential to apache enabled GIT server?
On 2017-04-03 19:04, ken edward wrote: > Hello, > > I have my git repositories behind an apache server configured with > kerberos. Works fine if the user is logged in on their workstation. > Apache gets the kerberos credential, and validates, and then sends > the GIT repo being requested. > > BUT, I want to write a script on linux that will also pass the > kerberos credential to the apache GIT server without having any > manually intervention. Seems I would create a kerberos keytab for the > principal and then use that to authenticate kinit supports > authenticating from a keytab using the -k -t options, kinit works, but I think kstart [1] is commonly used for this as well; takes care of automatic ticket renewal. ktutil should be able to create a keytab based on your password, but I've had mixed luck with that. Though still probably easier than creating a separate instance just for batch tasks... [1]: https://www.eyrie.org/~eagle/software/kstart/ -- Mantas Mikulėnas
RE: How do you script linux GIT client to pass kerberos credential to apache enabled GIT server?
-Original Message- On April 3, 2017 12:04 PM, Ken Edward Wrote: >I have my git repositories behind an apache server configured with kerberos. >Works fine if the user is logged in on their workstation. >Apache gets the kerberos credential, and validates, and then sends the GIT >repo being requested. >BUT, I want to write a script on linux that will also pass the kerberos >credential to the apache GIT server without having any manually intervention. >Seems I would create a kerberos keytab for the principal and then use that to >>authenticate kinit supports authenticating from a keytab using the -k -t > options, but has anyone done this? Have you attempted prototyping this using curl? It might be able to help out a bit. I have done this in the past with Stash and their REST and credentials, but not using Kerberos. Just a thought. Cheers, Randall