summaryrefslogtreecommitdiff
path: root/Documentation
diff options
context:
space:
mode:
authorLibravatar Petr Stodulka <pstodulk@redhat.com>2016-09-28 20:01:34 +0200
committerLibravatar Junio C Hamano <gitster@pobox.com>2016-09-29 20:39:23 -0700
commit26a7b2342980f2eb46b47122d1d6dfbf13ed4ccb (patch)
tree13a0d669ec8d181f7075f73a32ea825f760f4921 /Documentation
parentStart preparing for 2.10.1 (diff)
downloadtgif-26a7b2342980f2eb46b47122d1d6dfbf13ed4ccb.tar.xz
http: control GSSAPI credential delegation
Delegation of credentials is disabled by default in libcurl since version 7.21.7 due to security vulnerability CVE-2011-2192. Which makes troubles with GSS/kerberos authentication when delegation of credentials is required. This can be changed with option CURLOPT_GSSAPI_DELEGATION in libcurl with set expected parameter since libcurl version 7.22.0. This patch provides new configuration variable http.delegation which corresponds to curl parameter "--delegation" (see man 1 curl). The following values are supported: * none (default). * policy * always Signed-off-by: Petr Stodulka <pstodulk@redhat.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/config.txt14
1 files changed, 14 insertions, 0 deletions
diff --git a/Documentation/config.txt b/Documentation/config.txt
index 0bcb6790d6..c588168d39 100644
--- a/Documentation/config.txt
+++ b/Documentation/config.txt
@@ -1730,6 +1730,20 @@ http.emptyAuth::
a username in the URL, as libcurl normally requires a username for
authentication.
+http.delegation::
+ Control GSSAPI credential delegation. The delegation is disabled
+ by default in libcurl since version 7.21.7. Set parameter to tell
+ the server what it is allowed to delegate when it comes to user
+ credentials. Used with GSS/kerberos. Possible values are:
++
+--
+* `none` - Don't allow any delegation.
+* `policy` - Delegates if and only if the OK-AS-DELEGATE flag is set in the
+ Kerberos service ticket, which is a matter of realm policy.
+* `always` - Unconditionally allow the server to delegate.
+--
+
+
http.extraHeader::
Pass an additional HTTP header when communicating with a server. If
more than one such entry exists, all of them are added as extra