lunny/git-lfs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix the md formatting. linebreak waaaaar

Browse Source
This commit is contained in:
risk danger olson 2015-11-06 10:03:06 -08:00
parent ac9219c61c
commit bacc69fe7c
1 changed files with 27 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
docs/proposals/ntlm.md
View File

@ -1,27 +1,27 @@
++# NTLM Authentication With Git-Lfs # NTLM Authentication With Git-Lfs
++
++Enterprise users in a windows ecosystem are frequently required to use integrated auth. Basic auth does not meet their security requirements and setting up SSH on Windows is painful. Enterprise users in a windows ecosystem are frequently required to use integrated auth. Basic auth does not meet their security requirements and setting up SSH on Windows is painful.
++
++There is an overview of NTLM at http://www.innovation.ch/personal/ronald/ntlm.html There is an overview of NTLM at http://www.innovation.ch/personal/ronald/ntlm.html
++
++### Implementation ### Implementation
++
++If the LFS server returns a "Www-Authenticate: NTLM" header, we will set lfs.{endpoint}.access to be ntlm and resubmit the http request. Subsequent requests will If the LFS server returns a "Www-Authenticate: NTLM" header, we will set lfs.{endpoint}.access to be ntlm and resubmit the http request. Subsequent requests will
++go through the ntlm auth flow. go through the ntlm auth flow.
++
++We will store NTLM credentials in the credential helper. When the user is prompted for their credentials they must use username:{DOMAIN}\{user} and password:{pass} We will store NTLM credentials in the credential helper. When the user is prompted for their credentials they must use username:{DOMAIN}\{user} and password:{pass}
++
++The ntlm protocl will be handled by an ntlm.go class that hides the implementation of InitHandshake, Authenticate, and Challenge. This allows miminal changesto the existing The ntlm protocl will be handled by an ntlm.go class that hides the implementation of InitHandshake, Authenticate, and Challenge. This allows miminal changesto the existing
++client.go class. client.go class.
++
++### Tech ### Tech
++
++There is a ntlm-go library available at https://github.com/ThomsonReutersEikon/go-ntlm that we can use. We will need to implementate the Negotiate method and publish docs on what NTLM switches we support. I think simple user/pass/domain is best here so we avoid supporting a million settings with conflicting docs. There is a ntlm-go library available at https://github.com/ThomsonReutersEikon/go-ntlm that we can use. We will need to implementate the Negotiate method and publish docs on what NTLM switches we support. I think simple user/pass/domain is best here so we avoid supporting a million settings with conflicting docs.
++
++### Work ### Work
++
++Before supporting this as a mainstream scenario we should investigate making the CI work on windows so that we can successfully test changes. Before supporting this as a mainstream scenario we should investigate making the CI work on windows so that we can successfully test changes.
++
++### More Info ### More Info
++
++You can see a hacked-together implementation of git lfs push with NTLM at https://github.com/WillHipschman/git-lfs/tree/ntlm You can see a hacked-together implementation of git lfs push with NTLM at https://github.com/WillHipschman/git-lfs/tree/ntlm