Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » EGit » is HTTP authentication broken again?(Can't seem to push to an apache/smart http server due to HTTP 401)
is HTTP authentication broken again? [message #795551] Fri, 10 February 2012 15:50 Go to next message
Jonathan Essex is currently offline Jonathan Essex
Messages: 2
Registered: February 2012
Junior Member
Aware that there is a bug marked 'fixed' on this topic.

I'm on Indigo, eGit 1.2.20111221

I've set up an http server with the smart http backend, set up to allow non-authenticated reads and require authentication for write.

It all works swimmingly with command-line GIT.

Using eGit, I can clone but not push to this remote repository; it shows a 401 error in the apache log when I try. I've tried every way of entering credentials I can think of.

Should the original bug be fixed in the version of eGit I am using? Does anyone have eGit working with an authenticated push over http?

Thanks
Jon
Re: is HTTP authentication broken again? [message #797680 is a reply to message #795551] Mon, 13 February 2012 19:47 Go to previous messageGo to next message
Matthias Sohn is currently offline Matthias Sohn
Messages: 580
Registered: July 2009
Senior Member
I use a recent nightly against https://git.eclipse.org/r every day. If your
Java installation doesn't trust the issuer of the SSL certificate it might be
necessary to use keytool to tell Java it should trust your server's certificate
or the CA which created it.
Re: is HTTP authentication broken again? [message #798947 is a reply to message #797680] Wed, 15 February 2012 09:00 Go to previous messageGo to next message
Jonathan Essex is currently offline Jonathan Essex
Messages: 2
Registered: February 2012
Junior Member
Do you use HTTP auth on all operations or just on write? My problem (appears) to have been fixed by switching basic authentication on at the server for read operations so that the authentication had to be provided for the original clone operation as well as for subsequent writes. That said, I was doing a lot of mucking about with the setup to try and get it to work so it is possible that something else I changed actually fixed it. I haven't yet had time to check that switching auth off for read reproduces the problem for a newly cloned repo.

Your reply also raises an interesting question: should it be possible to make client certificate based authentication work just by messing about with keytool etc? That would actually work better for me than basic auth...

Many thanks for the response, anyway!!
Jon
Re: is HTTP authentication broken again? [message #803760 is a reply to message #798947] Tue, 21 February 2012 19:23 Go to previous message
Matthias Sohn is currently offline Matthias Sohn
Messages: 580
Registered: July 2009
Senior Member
Jonathan Essex wrote on Wed, 15 February 2012 04:00
Do you use HTTP auth on all operations or just on write? My problem (appears) to have been fixed by switching basic authentication on at the server for read operations so that the authentication had to be provided for the original clone operation as well as for subsequent writes. That said, I was doing a lot of mucking about with the setup to try and get it to work so it is possible that something else I changed actually fixed it. I haven't yet had time to check that switching auth off for read reproduces the problem for a newly cloned repo.

Most of the time I use HTTP for all operations since at work I sit behind
a proxy which doesn't like ssh traffic. AFAIK JGit supports basic and digest
authentication.

Quote:

Your reply also raises an interesting question: should it be possible to make client certificate based authentication work just by messing about with keytool etc? That would actually work better for me than basic auth...

No, the certificates I was talking about are the server certificates which your client HTTPS
stack checks in order to trust the server it's talking to (you want to be sure that you are
talking to a trusted server). If this certificate isn't issued by a CA which Java trusts out
of the box you either have to muck around with keytool to make it trust your CA or
you ignore this check (by setting http.sslVerify = false) and hope the server isn't a
malicious one.

Around a year back we worked on support for client certificate based authentication [1], [2].
Unfortunately we didn't find the time to finish this yet. One of the problems we were
struggling with was finding out how to configure native git to use client certificates for
authentication. Do you have any experience with that ?

[1] https://git.eclipse.org/r/#/c/3263/
[2] https://git.eclipse.org/r/#/c/3200/
https://git.eclipse.org/r/#/c/3199/
Previous Topic:aborting a merge
Next Topic:UPgrading to JGit / EGit Release 1.3
Goto Forum:
  


Current Time: Tue Sep 23 20:28:45 GMT 2014

Powered by FUDForum. Page generated in 0.02744 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software