2

Previously, with my TFS2012 server, using git tf, a Linux user who is logged in using single-sign-on with Kerberos (credentials show up in klist) would not have to enter his username or password.

With TFS2013 using Git for source control, any push/fetch command requires a username and a password. This can be alleviated by modifying the remote URL to `http://user:password@server/...`, but that is insecure, and requires updating whenever the password changes. Is there any way to use Kerberos credentials for TFS2013 git HTTP authentication?

Note: As later checked, the username and password are not required, just requested. Hitting plain return will cause git to fall back to Kerberos authentication, which works. How do I get git to try Kerberos first?

lutzky
  • 598
  • 5
  • 12
  • 1
    You can use a gpg-encrypted `.netrc` file: http://stackoverflow.com/a/18362082/6309, instead of keeping your password in plain text in your https URL. – VonC Dec 30 '13 at 20:52
  • 1
    Is your TFS2013 server configured to use Kerberos? Or is it in NTLM mode (default)? – jessehouwing Dec 30 '13 at 21:01
  • 1
    Yes, the server is configured to use Kerberos. – lutzky Jan 01 '14 at 08:04
  • I asked around a bit and this is supposedly default git behavior. It asks so that you can opt to use different credentials. If you supply none, your Kerberos credentials are used. TFS isn't doing anything special here, it's Git that's acting 'weird'. – jessehouwing Jan 08 '14 at 14:32
  • Yes, I'm asking if there's any way to change this behavior in git. – lutzky Jan 08 '14 at 18:20
  • That should work better with git 2.8: http://stackoverflow.com/a/35626443/6309 – VonC Feb 25 '16 at 11:53

1 Answer

2

If libcurl, which is used by git for HTTP(S), is supplied with empty credentials, it will happily do Negotiate authentication. When prompted for username and password, just hit Enter twice.

To save the empty credential, set your credential helper to the basic store:

```
git config --global credential.helper store
```

Then on your next interaction with the remote (push, pull, clone, etc.) just hit Enter twice.

Credit for this answer should go to diegows for this answer.

Community
  • 1
  • 1
Mike Dimmick
  • 9,662
  • 2
  • 23
  • 48
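
An added example, not part of the answer above or of git itself: the `store` helper keeps whatever is saved in plain text, by default in `~/.git-credentials`, one URL per line, so it is worth checking that the file holds only the empty placeholder and no real password. The function name, host names and sample entries are made up for illustration.

```shell
#!/bin/sh
# Audit a git credential-store file: one URL per line,
# scheme://user:password@host. Passwords are never printed.
audit_credential_store() {
    file=$1
    [ -r "$file" ] || { echo "missing: $file"; return 2; }

    # Flag a store that group or others can read.
    if [ -n "$(find "$file" \( -perm -040 -o -perm -004 \))" ]; then
        echo "perms: $file is readable by group or others"
    fi

    plaintext=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            *://*@*) ;;        # entry with a userinfo part
            *) continue ;;     # blank or unrecognised line
        esac
        scheme=${line%%://*}
        rest=${line#*://}
        userinfo=${rest%%@*}
        host=${rest#*@}
        user=${userinfo%%:*}
        case $userinfo in
            *:*) pass=${userinfo#*:} ;;
            *)   pass= ;;
        esac
        if [ -z "$user" ] && [ -z "$pass" ]; then
            echo "empty: $scheme://$host (placeholder for Negotiate)"
        else
            echo "plaintext: $scheme://$host user=$user"
            plaintext=$((plaintext + 1))
        fi
    done < "$file"
    [ "$plaintext" -eq 0 ]   # exit status 0 only if no real secret is stored
}

# Constructed sample entries (hypothetical hosts, not real credentials).
demo=$(mktemp)
printf '%s\n' 'http://:@tfs.example.test' \
    'https://alice:s3cret@git.example.test' > "$demo"
audit_credential_store "$demo" || echo "=> plaintext entries found"
rm -f "$demo"
```

Run it against the real file with `audit_credential_store "$HOME/.git-credentials"`; a non-zero exit status means at least one entry carries a real username or password.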