"Git" gurus, could you please help me in something
As far as I know, Git access could be manipulated through server user/group authentication. but is there is any way that I can use another access authentication regardless the OS server authentication?
I mean like SVN, Users only defined for SVN
You can use ssh, combined with Gitolite (an access control library in Perl, for Git): that will use the matching between ssh public key, and the username defined only for Gitolite.
See more at "How do programs like gitolite work?".
If you are using/installing Git hosting services like GitLab (ruby) or GitbLit (java), then the users can be defined in a dedicated database for those services.
In both cases, the user authentication doesn't rely on the OS.
Related
I use TFS for source control and when I use git command line from new machine, I need to save credentials manager manually. Otherwise, I receive "Authentication Failed"
Is there alternative than pre-defining credentials in credential manager?
Current case from CentOS 7:
The Git Credential Manager which is just used to provide security Git credential storage. It's ok to pre-defining credentials in credential manager.
However for macOS and Linux, instead of using credential manager,
We recommend using SSH keys to authenticate to Azure DevOps,
not a credential manager.
SSH public key authentication works with a pair of generated encryption keys. The public key is shared and used to encrypt messages. The private key is kept safe and secure on your system and is used to read messages encrypted with the public key.
More details please take a look at our official tutorial--Use SSH key authentication
Update
Besides, you could also use PAT token to access git repositories.
To authenticate with the PAT while using Git, you can use it as the password. The username can be anything, since your identity is identified with the PAT. For example:
Username: anything
Password:
Or:
git clone https://anything:<PAT>#dev.azure.com/yourOrgName/yourProjectName/_git/yourRepoName
More details please take a look at this link.
As for how to use PAT, you could refer this -- Authenticate access with personal access tokens
Note: This is only available with TFS2017 version and above. Besides, recommend you keep IIS Basic Authentication turned off when using Azure DevOps Server. When IIS Basic Authentication is enabled on your windows machine, it prevents you from using personal access tokens (PATs) as an authentication mechanism.
I want to connect my own system to gitlab only for authentication.
After that i should be able to manage all the usernames and passwords of gitlab through my system.
Could you please help me to solve this scenario. Thank you.
That would be using the GitLab User API (as admin of your GitLab instance)
You can then add SSH keys for a user, or modify an existing user account (including their password)
You can do so through any number of GitLab API client.
I am trying to learn how to hot my own git server on Linux using SSH. I am reading this tutorial
In this tutorial, it says to create a user for git. But it does not explain what I would want to create a user for git. Why would I want to do this? Can I not just keep the git repos under my main user?
This git repo is only for me, so could I not put it under my main user?
Because the tutorial uses ssh.
The idea is to let ssh handle the authentication through the addition of a user's public key to an Git hosting admin account .ssh/authorized_keys file.
That way, multiple users can be authentication through that one account ssh session.
Hence a 'git' user (with its ~git/.ssh/authorized_keys file)
Even if you are the only user, it is a best practice to decouple Git access from Git administration, especially for ssh access.
That way, if interactive ssh shell session is achieved, you only have access to Git data, not your own personal data.
I'm working on a web app that uses SharpSVN to checkout from a repo using svn+ssh. I have configured my ssh client correctly in my AppData config file by adding the path to Plink under the [tunnels] section, but checkout requests still give me an error message. The message itself isn't particularly informative (it merely tells me to remove the -q option to better debug SSH connection issues), but I trust it's an authentication issue.
Normally in Tortoise I would just use pageant, but I don't think the IIS user has access to pageant or the keys stored on it.
Two possible solutions come to mind:
Grant IIS user access to the pageant keys
Fix configurations to allow direct storage of user/password inside web.config connectionString
Ideally, I'd like to use the second option, but I have yet to figure out how to get either of these to work. Does anybody have experience with using SVN over ssh in a web application?
I'm running Mercurial's hgwebdir.cgi on WinXP over IIS as a central repo for sharing code with my team. I'd like to use ActiveDirectory to authenticate to the server when pushing/pulling through TortoiseHg and/or the command-line hg client. Has anyone done this or seen instructions on how to do this?
I know this has already got an accepted answer, but I did a four part blog post for set up of Mercurial on IIS with Active Directory authentication and using hgwebdir.cgi for push authorization. It goes over the whole process of:
Setting up Mercurial's hg web interface on IIS.
Setting up the IIS authentication for Mercurial so that only users authorized by the active directory (i.e. security groups/users) can view/access the repositories either via the hg web interface or through the file system.
Configuring Active Directory authentication for Mercurial users, so only authorized users can see/access the repositories they have access to.
Configuring hgwebdir.cgi via hgweb.config to set push authorization for specified users to repositories.
Hiding hgwebdir.cgi using Helicon's ISAPI Rewrite in your repository's URL.
Customizing the style/feel of the hg web user interface to your own taste.
Setting up and configuring Mercurial in a Windows/IIS/Active Directory environment (web.archive.org mirror)
hgwebdir.cgi doesn't really authentication, although it can do authorization. You probably want to take care of authentication in the IIS config. (I don't have any experience with IIS, but that's how it works with Apache, at least.)
Authentication is performed by IIS. In IIS Manager, allow Basic Authentication on the directory containing hgwebdir.cgi script. Then edit the Basic Authentication settings and set default domain and realm to your domain name.
In hgweb.config add
allow_push = <username>
replacing <username> with your username(s) for people who will be able to perform push.
This worked for me.
Excuse my necroposting, but I've just released an alpha version of HgLab, which is a Mercurial Server for Windows and it supports Active Directory authentication out of the box.