Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Configuring GIT on a server in a Windows / Active Directory environment

We're looking at configuring GIT for use by Windows clients in an Active Directory environment and I'm wondering what configurations people have had success with.

We've initially set up HTTPS/Apache with Basic authentication against AD. However, this requires that credentials be supplied for every push from the client. Would Kerberos be less painful?

I'm dubious about using SSH and private key pairs as it will increase the maintenance required by our IT team. Is there perhaps a way of tying a private key to an AD account in a way that it can be picked up automatically by git (some kind of AD-connected plink.exe replacement)?

I'm basically trying to minimise on-going pain for both the IT team and the developers. Am I wasting my time? Should I be looking at Mercurial instead?

To clarify: I have experience with Git on Windows with github as a remote and I love it. However, I'm happy to look at Mercurial (which I've used, but only a little) if it means better authentication support under Windows.

like image 365
Richard Szalay Avatar asked Nov 13 '22 20:11

Richard Szalay


1 Answers

What is actually the problem? Supplying credentials manually all the time?
It does not matter if you use Kerberos or an LDAP bind against AD, unless your client/server is unable to cache the credentials (e.g. with a session) every (subsequent) request has to be reauthenticated because HTTP is a stateless protocol in contrast to SSH. Though Kerberos would make this way easier in terms of configuration on the host and the client als long as the HTTP transport library of msysgit supports Negotiate with SPNEGO with SSPI or GSSAPI.

I seriously doubt that Mercurial would solve that problem because it does not perform any auth. Some library does for it.

like image 142
Michael-O Avatar answered Dec 09 '22 13:12

Michael-O