*Git* can now be used with HTTP or HTTPS and SSO
Since *libcurl* version 7.19.7-30, a new paramater for delegating Kerberos tickets is required because of CVE-2011-2192. Previously, *Git* did not provide a way to set such a parameter. As a consequence, using *Git* with HTTP or HTTPS and Single Sign-On (SSO) was impossible. With this update, *Git* provides a new `http.delegation` configuration variable, which corresponds to the cURL `--delegation` parameter. Users need to set this parameter when delegation of Kerberos tickets is required.
libcurl provides the CURLOPT_GSSAPI_DELEGATION option to configure credential delegation at the application level:
https://curl.haxx.se/libcurl/c/CURLOPT_GSSAPI_DELEGATION.html
git does not seem to use it currently. The solution for this bug needs to be discussed with git's upstream first to make sure that we stay compatible with future releases of git.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://rhn.redhat.com/errata/RHBA-2017-0640.html