Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Windows Integrated Authentication disabled by default? #194

Closed
2 of 9 tasks
mrsvk opened this issue Oct 24, 2020 · 2 comments · Fixed by #196
Closed
2 of 9 tasks

Windows Integrated Authentication disabled by default? #194

mrsvk opened this issue Oct 24, 2020 · 2 comments · Fixed by #196
Labels
auth:wia Specific to Windows Integrated Authentication (NTLM/Kerberos) bug A bug in Git Credential Manager platform:windows Specific to the Windows platform

Comments

@mrsvk
Copy link

mrsvk commented Oct 24, 2020

Which version of GCM Core are you using?
Git Credential Manager version 2.0.252-beta+fe025c12fc (Windows, .NET Framework 4.0.30319.42000)

Which Git host provider are you trying to connect to?

  • Azure DevOps
  • Azure DevOps Server (TFS/on-prem)
  • GitHub
  • GitHub Enterprise
  • Bitbucket
  • Other - please describe

Can you access the remote repository directly in the browser using the remote URL?
Yes

From a terminal, run git remote -v to see your remote URL.

  • Yes
  • No, I get a permission error
  • No, for a different reason - please describe

Expected behavior

I am authenticated and my Git operation completes successfully.

Actual behavior

I just upgraded from GCM with the latest Git for Windows (2.29.0). Authentication does not succeed, as Windows Integrated Authentication does not seem to be enabled by default. This is contrary to the documentation for GCM_ALLOW_WINDOWSAUTH and credential.allowWindowsAuth which suggest it should be.

I see the following line with GCM_TRACE enabled when attempting a git fetch:

23:50:59.590927 ...icHostProvider.cs:83 trace: [GenerateCredentialAsync] Windows Integrated Authentication detection has been disabled.

If I set GCM_ALLOW_WINDOWSAUTH=1, authentication is successful until I unset it again. If I put allowWindowsAuth = true into the [credential] section of my .gitconfig, that also works. However, interestingly, I cannot specify it for just a single scoped url entry. Adding it to [credential "my.server.here"] or [credential "https://my.server.here"] have no effect. If I change provider = in those scoped sections, that does work - putting in 'github' instead of 'generic' yields the github prompt. So, my sections should be correct.

Ultimately, I'm looking for clarification before I write the documentation for my team on the transition. Should allowWindowsAuth be true by default and we don't need to act at all? Do we have to set it at the [credential] level because URL-scoped sections don't work?
@mjcheetham mjcheetham added auth:wia Specific to Windows Integrated Authentication (NTLM/Kerberos) bug A bug in Git Credential Manager platform:windows Specific to the Windows platform labels Oct 26, 2020
@mjcheetham mjcheetham mentioned this issue Oct 26, 2020
Merged
@mjcheetham
Copy link
Collaborator

Hello @mrsvk, thanks for your interest in GCM Core!

Yes, that is a bug. Windows Integrated Authentication should be enabled by default. I have a PR up to fix this, and it will be included on the next release of GCM Core.

You should not need to set the GCM_ALLOW_WINDOWSAUTH=1 environment variable or allowWindowsAuth = true config.

@mrsvk
Copy link
Author

mrsvk commented Oct 27, 2020

@mjcheetham Thanks for the response! I'll watch for a new release and re-evaluate at that time.

@bbezanson bbezanson mentioned this issue Oct 28, 2020
Closed
@mjcheetham mjcheetham mentioned this issue Nov 2, 2020
Merged
@ldennington ldennington mentioned this issue Dec 10, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
auth:wia Specific to Windows Integrated Authentication (NTLM/Kerberos) bug A bug in Git Credential Manager platform:windows Specific to the Windows platform
Projects
None yet
Milestone
No milestone
2 participants
@mjcheetham @mrsvk