Bug 1345897 - [RFE] build against httpd24-libcurl to support NTLMv2 and Kerberos/SPNEGO auth
Summary: [RFE] build against httpd24-libcurl to support NTLMv2 and Kerberos/SPNEGO auth
Alias: None
Product: Red Hat Software Collections
Classification: Red Hat
Component: git
Version: rh-git29
Hardware: x86_64
OS: Linux
Target Milestone: alpha
: 2.3
Assignee: Petr Stodulka
QA Contact: Leos Pol
Depends On:
TreeView+ depends on / blocked
Reported: 2016-06-13 11:58 UTC by Kamil Dudka
Modified: 2019-12-16 05:55 UTC (History)
4 users (show)

Fixed In Version: rh-git29-git-2.9.2-5.el6 rh-git29-git-2.9.2-5.el7 rh-git29-2.3-4.el6 rh-git29-2.3-4.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2016-11-15 10:04:35 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2016:2728 0 normal SHIPPED_LIVE new packages: rh-git29 2016-11-15 14:37:48 UTC

Description Kamil Dudka 2016-06-13 11:58:07 UTC
Description of problem:
The NTLM authentication is commonly used in mixed Linux/Windows environments.  RHEL-7 libcurl supports only NTLMv1, which is known to be insecure.  On the other hand, bringing NTLMv2 into RHEL-7 libcurl could be disruptive and break backward compatibility.

A possible solution for RHEL customers that need git with NTLMv2 authentication is RHSCL.  git successfully authenticates with NTLMv2 if the httpd24-libcurl library is preloaded via LD_PRELOAD.  Customers now ask for a more enterprise solution.

I propose to link RHSCL git against RHSCL libcurl to address this request.

Version-Release number of selected component (if applicable):

Steps to Reproduce:
1. git clone over NTLMv2-authenticated HTTP proxy

Comment 10 errata-xmlrpc 2016-11-15 10:04:35 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.