Bug 1345897

Summary: [RFE] build against httpd24-libcurl to support NTLMv2 and Kerberos/SPNEGO auth
Product: Red Hat Software Collections Reporter: Kamil Dudka <kdudka>
Component: gitAssignee: Petr Stodulka <pstodulk>
Status: CLOSED ERRATA QA Contact: Leos Pol <lpol>
Severity: medium Docs Contact:
Priority: unspecified    
Version: rh-git29CC: dkochuka, hhorak, jorton, lpol
Target Milestone: alphaKeywords: FutureFeature, Triaged
Target Release: 2.3   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: rh-git29-git-2.9.2-5.el6 rh-git29-git-2.9.2-5.el7 rh-git29-2.3-4.el6 rh-git29-2.3-4.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-15 10:04:35 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Kamil Dudka 2016-06-13 11:58:07 UTC 
Description of problem:
The NTLM authentication is commonly used in mixed Linux/Windows environments.  RHEL-7 libcurl supports only NTLMv1, which is known to be insecure.  On the other hand, bringing NTLMv2 into RHEL-7 libcurl could be disruptive and break backward compatibility.

A possible solution for RHEL customers that need git with NTLMv2 authentication is RHSCL.  git successfully authenticates with NTLMv2 if the httpd24-libcurl library is preloaded via LD_PRELOAD.  Customers now ask for a more enterprise solution.

I propose to link RHSCL git against RHSCL libcurl to address this request.


Version-Release number of selected component (if applicable):
git-1.9.4-6.el7


Steps to Reproduce:
1. git clone over NTLMv2-authenticated HTTP proxy
Comment 10 errata-xmlrpc 2016-11-15 10:04:35 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-2728.html