I need an application to be able to fetch from a git repository but not push to it, so, that's the read-only part. That could easily be done with git daemon.
On top of that, I need access to said repository to be password-protected, including for reading it. So before any fetching can happen, the application will need to authenticate.
Is it doable? with git daemon? something else? http + auth maybe?
HTTP authentication will not protect the pack being transmitted over the wire, so if you are worried about eavesdroppers HTTP authentication will not suffice. Also, git is much more efficient using the git protocol than the HTTP protocol. git-daemon, however, does not do authentication for you.
Probably the best solution is to use gitosis which will allow you to protect the repository using ssh--cryptographically strong authentication, and confidentiality over the wire--and control access to the repository as well (e.g., have some users read-write and some users read-only). This will use the efficient git protocol over your ssh connection.
If you are willing to outsource this, github is perhaps the best approach. They have plans at different price points to meet many needs.
I like having a combination out of git + gitolite + gitweb
where gitweb gives a very lean and fast webfrontend
and gitolite is doing all authorization tasks, so you can give permissions to read or write on a (ssh) user-level (even the configuration of gitolite is handeled as a plain git repository, that means, authorization/configuration changes are trackable)
To create an authenticated "read only" repository, provide SSH access to the repository for all applicable parties but only allow push requests (write access) to a sub-set of the parties by using an update-hook as exampled here.
You can fetch via SSH, which is both authenticated and encrypted channel. I don't know if gitosis would help you to manage SSH acces in lieu of setting up shell accounts with git-shell as shell.
