author | Petr Stodulka <pstodulk@redhat.com> | 2016-09-28 20:01:34 +0200 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2016-09-29 20:39:23 -0700 |
commit | 26a7b2342980f2eb46b47122d1d6dfbf13ed4ccb (patch) | |
tree | 13a0d669ec8d181f7075f73a32ea825f760f4921 /Documentation | |
parent | Start preparing for 2.10.1 (diff) | |
http: control GSSAPI credential delegation
Delegation of credentials is disabled by default in libcurl since
version 7.21.7 due to security vulnerability CVE-2011-2192, which
causes trouble with GSS/Kerberos authentication when delegation
of credentials is required. This can be changed with the option
CURLOPT_GSSAPI_DELEGATION in libcurl, by setting the expected parameter,
since libcurl version 7.22.0.
This patch provides a new configuration variable http.delegation
which corresponds to the curl parameter "--delegation" (see man 1 curl).
The following values are supported:
* none (default).
* policy
* always
Signed-off-by: Petr Stodulka <pstodulk@redhat.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'Documentation')
-rw-r--r-- | Documentation/config.txt | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/Documentation/config.txt b/Documentation/config.txt index 0bcb6790d6..c588168d39 100644 --- a/Documentation/config.txt +++ b/Documentation/config.txt @@ -1730,6 +1730,20 @@ http.emptyAuth:: a username in the URL, as libcurl normally requires a username for authentication. +http.delegation:: + Control GSSAPI credential delegation. The delegation is disabled + by default in libcurl since version 7.21.7. Set parameter to tell + the server what it is allowed to delegate when it comes to user + credentials. Used with GSS/kerberos. Possible values are: ++ +-- +* `none` - Don't allow any delegation. +* `policy` - Delegates if and only if the OK-AS-DELEGATE flag is set in the + Kerberos service ticket, which is a matter of realm policy. +* `always` - Unconditionally allow the server to delegate. +-- + + http.extraHeader:: Pass an additional HTTP header when communicating with a server. If more than one such entry exists, all of them are added as extra |
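Review bot: The new http.delegation entry never says which value Git itself uses when the variable is unset. The text only says delegation "is disabled by default in libcurl since version 7.21.7", while the commit message lists `none (default)`. Please state the default in the entry, for example by marking `none` as the default in the value list. The commit message also says CURLOPT_GSSAPI_DELEGATION needs libcurl 7.22.0, but the documentation does not mention that requirement or what happens to the setting when Git is built against an older libcurl, so a sentence on that would help. Finally, the `always` line reads "Unconditionally allow the server to delegate" with no hint of why delegation was turned off in libcurl in the first place. Since the commit message ties that to CVE-2011-2192, a short note that `always` should be limited to trusted servers (for instance via a per-URL http.<url>.delegation setting, if this variable supports it) would make the trade-off visible to readers of config.txt.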