Git authentication over apache_mod_krb

Question

I\'m using git repo with git-http-backend. In apache2 I have location what needs authentication for clone and push actions. When I protected it location with AuthType Basic

Answer 1

Problem in curl, because git in debian was compiled with curl option ANY_AUTH, and when git client try connect to webserver and first ask it negotiate auth and it can't do it, git don't try basic auth.

That will be more robust, with Git 2.3.1 (Q1/Q2 2015): see commit 4dbe664 by brian m. carlson (bk2204):

remote-curl: fall back to Basic auth if Negotiate fails

Apache servers using mod_auth_kerb can be configured to allow the user to authenticate either using Negotiate (using the Kerberos ticket) or Basic authentication (using the Kerberos password). Often, one will want to use Negotiate authentication if it is available, but fall back to Basic authentication if the ticket is missing or expired.

However, libcurl will try very hard to use something other than Basic auth, even over HTTPS.
If Basic and something else are offered, libcurl will never attempt to use Basic, even if the other option fails.
Teach the HTTP client code to stop trying authentication mechanisms that don't use a password (currently Negotiate) after the first failure, since if they failed the first time, they will never succeed.