Re: [PATCH v2] remote-curl: fall back to Basic auth if Negotiate fails

2015-01-07 Thread brian m. carlson
On Tue, Jan 06, 2015 at 04:07:01PM +, Dan Langille (dalangil) wrote: < HTTP/1.1 401 Authorization Required < Date: Tue, 06 Jan 2015 16:02:48 GMT < Server: Apache < WWW-Authenticate: Negotiate Your server is set up incorrectly. You should see a Negotiate line and a Basic line as well. Rig

Re: [PATCH v2] remote-curl: fall back to Basic auth if Negotiate fails

2015-01-06 Thread Dan Langille (dalangil)
> On Jan 6, 2015, at 10:31 AM, Dan Langille (dalangil) > wrote: > > On Jan 5, 2015, at 6:53 PM, brian m. carlson > wrote: >> >> On Mon, Jan 05, 2015 at 09:23:32PM +, Dan Langille (dalangil) wrote: >>> I have tried both patches. Neither succeeds here. I patched git version >>> 2.2.1 but

Re: [PATCH v2] remote-curl: fall back to Basic auth if Negotiate fails

2015-01-06 Thread Dan Langille (dalangil)
> On Jan 6, 2015, at 10:31 AM, Dan Langille (dalangil) > wrote: > > On Jan 5, 2015, at 6:53 PM, brian m. carlson > wrote: >> >> On Mon, Jan 05, 2015 at 09:23:32PM +, Dan Langille (dalangil) wrote: >>> I have tried both patches. Neither succeeds here. I patched git version >>> 2.2.1 but

Re: [PATCH v2] remote-curl: fall back to Basic auth if Negotiate fails

2015-01-06 Thread Dan Langille (dalangil)
On Jan 5, 2015, at 6:53 PM, brian m. carlson wrote: > > On Mon, Jan 05, 2015 at 09:23:32PM +, Dan Langille (dalangil) wrote: >> I have tried both patches. Neither succeeds here. I patched git version >> 2.2.1 but I don’t think that affects this. > > You are patching the client side, corr

Re: [PATCH v2] remote-curl: fall back to Basic auth if Negotiate fails

2015-01-05 Thread brian m. carlson
On Mon, Jan 05, 2015 at 09:23:32PM +, Dan Langille (dalangil) wrote: I have tried both patches. Neither succeeds here. I patched git version 2.2.1 but I don’t think that affects this. You are patching the client side, correct? That's the side that needs patching here. Just so the list

Re: [PATCH v2] remote-curl: fall back to Basic auth if Negotiate fails

2015-01-05 Thread Dan Langille (dalangil)
I have tried both patches. Neither succeeds here. I patched git version 2.2.1 but I don’t think that affects this. Before I flood the list with debug runs, I wanted to make sure I was testing with an appropriate configuration: SSLOptions +StdenvVars Options +ExecCGI +FollowSymLinks +SymLin

Re: [PATCH v2] remote-curl: fall back to Basic auth if Negotiate fails

2015-01-05 Thread Dan Langille (dalangil)
I’ve found the latest patch. Trying this now. Thanks. — Dan Langille Infrastructure & Operations Talos Group Sourcefire, Inc. > On Jan 1, 2015, at 2:56 PM, brian m. carlson > wrote: > > Apache servers using mod_auth_kerb can be configured to allow the user > to authenticate either using Nego

Re: [PATCH v2] remote-curl: fall back to Basic auth if Negotiate fails

2015-01-03 Thread Jeff King
On Sat, Jan 03, 2015 at 05:45:09PM +, brian m. carlson wrote: > >+{ > >+int flags = CURLAUTH_ANY; > > I think this needs to be unsigned long or it can cause undefined behavior, > since libcurl uses unsigned long in the flags. I'll fix that up when I > reroll. I'll need your

Re: [PATCH v2] remote-curl: fall back to Basic auth if Negotiate fails

2015-01-03 Thread brian m. carlson
On Sat, Jan 03, 2015 at 06:19:23AM -0500, Jeff King wrote: This pattern gets repeated in several places. Now that http_passwordless_auth is a global, can we handle it automatically for the callers, as below (which, aside from compiling, is completely untested by me)? This looks good (although I

Re: [PATCH v2] remote-curl: fall back to Basic auth if Negotiate fails

2015-01-03 Thread Jeff King
On Thu, Jan 01, 2015 at 07:56:27PM +, brian m. carlson wrote: > +void disable_passwordless_auth(struct active_request_slot *slot) > +{ > +#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY > +#define HTTP_AUTH_PASSWORDLESS (CURLAUTH_GSSNEGOTIATE) > + curl_easy_setopt(slot->curl, CURLOPT_HTTPAUTH, > +

[PATCH v2] remote-curl: fall back to Basic auth if Negotiate fails

2015-01-01 Thread brian m. carlson
Apache servers using mod_auth_kerb can be configured to allow the user to authenticate either using Negotiate (using the Kerberos ticket) or Basic authentication (using the Kerberos password). Often, one will want to use Negotiate authentication if it is available, but fall back to Basic authentic