My favorites | Sign in
Project Home Downloads Wiki Issues Source
New issue   Search
for
  Advanced search   Search tips   Subscriptions
Issue 1398: Gerrit can't extract user id from Authorization header generated by HTTP Negotiate authentication
2 people starred this issue and may be notified of changes. Back to list
Status:  New
Owner:  ----


Sign in to add a comment
 
Reported by Yubao....@gmail.com, May 21, 2012
Affected Version: 2.3

What steps will reproduce the problem?
1. Setup a Apache server with mod_auth_kerb in front of Gerrit
2. Access the Gerrit virtual host on the Apache server
3. Gerrit complains it can't find Authorization header

The reason is Gerrit can't process "Authorization: Negotiate xxxxx",
I don't know whether it's hard to extract user id from this kind of
header, I can bypass this issue by letting Gerrit use special HTTP
header such as X-Forwarded-User which is inserted by Apache with mod_rewrite:

    <Location /login/>
        AuthType Kerberos
        Require valid-user

        Order allow,deny
        Allow from all

        RewriteEngine On
        RewriteCond %{REMOTE_USER} (.+)
        RewriteRule .* - [E=RU:%1]
        RequestHeader set X-Forwarded-User %{RU}e
    </Location>

Supporting HTTP Negotiate header is a good-to-have enhancement,
but this issue doesn't harm much, if you think it's not worth,
you are free to mark it WONTFIX, then I hope this configuration
snippet can be mentioned in Gerrit document.


Sign in to add a comment

Powered by Google Project Hosting