git-lfs-server icon indicating copy to clipboard operation
git-lfs-server copied to clipboard

Published 20 hours ago verified publisher icon artemkin

Getting PAM authentication working

Open arkdae opened this issue 6 years ago • 2 comments

I am unable to get the server to work when I start it with PAM authentication:

./lfs_server.sh -verbose -pam login -p 8080

I have gitolite return this:

ssh -l gitolite localhost git-lfs-authenticate { "href": "http://localhost:8080", "header": { "Authorization": "git_lfs git_lfs" } }

But lfs_server doesn't like the login/password:

Error 127.0.0.1 "POST /objects/batch HTTP/1.1" 401 Unauthorized "The authentication credentials are incorrect"

journalctl -f shows no activity, even though I added the debug keyword to PAM's /etc/pam.d/login auth lines. Conversely when I log in on this computer as git_lfs, it does show some output. So, I'm not convinced that lfs_server is actually consulting PAM here. Does the JSON output above need to have the Authorization field in base64 encoding? I could not find a definitive answer on that online, but looking at the git-lfs client code it seems that it does the base64 encoding itself.

Is there a way to see from lfs_server's point of view what the credentials are? I tried looking at this code but I do not know this programming language.

arkdae avatar May 11 '18 14:05 arkdae

Hmm... it should use PAM login service. Try to sudo lfs_server, because PAM may restrict access for regular users by default iirc.

artemkin avatar May 21 '18 09:05 artemkin

Even running it sudo gives me the exact same unauthorized error.

arkdae avatar May 29 '18 12:05 arkdae