在 Windows 上配置 Git 以使用 NTLM 代理身份验证
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/5060437/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Configuring Git on Windows to use NTLM proxy authentication
提问by Greg Hewgill
I'm trying to access a repository on Github from a Windows machine that is behind a proxy that requires NTLM authentication. Neither SSH nor the git:// protocol are directly available, so I'm trying to make this work with HTTPS through the proxy.
我正在尝试从需要 NTLM 身份验证的代理后面的 Windows 机器访问 Github 上的存储库。SSH 和 git:// 协议都不是直接可用的,所以我试图通过代理使用 HTTPS 进行这项工作。
With the help of NTLM proxy without password?I have been able to make the curlbinary supplied with msysgit play nice with the proxy:
在没有密码的NTLM 代理的帮助下?我已经能够使curlmsysgit 提供的二进制文件与代理一起玩得很好:
curl -U : --proxy-ntlm --proxy xxx.xxx.xx.xx:8080 https://github.com
This is successful and returns the Github home page.
这是成功并返回Github主页。
However, I found an article from Feb 2010 Proxying Gitthat states (emphasis mine):
但是,我发现 2010 年 2 月的一篇文章Proxying Git指出(强调我的):
Unfortunately it appears that curl will always use Basic authentication with the proxy. If your proxy needs something else, perhaps NTLM for a Windows network, then you have a problem. Curl is used to handle all the http transport details and this does support the NTLM authentication method but I know of no method to pass the necessary options to curl. Git makes use of curl via its library binding so it is not enought just to replace the curl executable with a wrapper script.
不幸的是,curl 似乎总是对代理使用基本身份验证。如果您的代理需要其他东西,例如 Windows 网络的 NTLM,那么您就有问题了。curl 用于处理所有 http 传输细节,这确实支持 NTLM 身份验证方法,但我知道没有任何方法可以将必要的选项传递给 curl。Git 通过其库绑定使用 curl,因此仅用包装脚本替换 curl 可执行文件是不够的。
I know about the core.gitproxyoption in the Git configuration, but that appears to only apply to the git:// protocol. Similarly, the http.proxyoption sets the address of the proxy, but provides no way to supply the appropriate options to curl.
我知道core.gitproxyGit 配置中的选项,但这似乎只适用于 git:// 协议。类似地,该http.proxy选项设置代理的地址,但无法为 curl 提供适当的选项。
采纳答案by Richard Hansen
Try Cntlm. It's a proxy designed to sit between a program that doesn't understand NTLM (e.g., Git) and a proxy that requires NTLM. It does the NTLM authentication so that the app doesn't have to.
试试Cntlm。它是一种代理,旨在介于不理解 NTLM(例如 Git)的程序和需要 NTLM 的代理之间。它执行 NTLM 身份验证,因此应用程序不必这样做。
I haven't used it so I don't know how well it works.
我没用过所以不知道效果如何。
回答by jhamm
I used CNTLM authentication proxy (although this would most likely also work for ntlmaps) so git could work and added the http and https proxy as http:// localhost:3218. Git would take a very long time to do any remote action like fetch, pull, or clone.
我使用了 CNTLM 身份验证代理(尽管这很可能也适用于 ntlmaps)所以 git 可以工作并将 http 和 https 代理添加为 http:// localhost:3218. Git 执行任何远程操作(如获取、拉取或克隆)都需要很长时间。
The fix for this was to switch to use this instead: http:// 127.0.0.1:3218
对此的解决方法是改用它: http:// 127.0.0.1:3218
After this was changed in the .gitconfig it worked much faster.
在 .gitconfig 中更改后,它的工作速度要快得多。
NB: Remove the spaces between http:// and 127.0.0.1
注意:删除 http:// 和 127.0.0.1 之间的空格
Ex:
前任:
[http]
proxy = http:// 127.0.0.1:3128
[https]
proxy = http:// 127.0.0.1:3128
[http]
proxy = http:// 127.0.0.1:3128
[https]
proxy = http:// 127.0.0.1:3128
回答by rpattabi
Thanks for @richard-hansen for pointing out Cntlm. It provides a non-windows adapter for windows proxy. Very neat.
感谢@richard-hansen 指出 Cntlm。它为 windows 代理提供了一个非 windows 适配器。非常整洁。
Here are the exact steps that worked for me:
以下是对我有用的确切步骤:
- Download and install Cntlm for windows.
- Open Cntlm.ini (It is in the installation folder.)
- Update username, domain. Save it.
- Run
cntlm -I -M http://google.comfrom command line. - Cntlm will ask the password you will use for the proxy server. Give it. (Most likely it is your windows password)
- Cntlm will identify authentication method and generate a key. Pick up that result. (e.g. NTLMv2 77B9081511704EE852F94227CF48A793)
- Update Cntlm.ini with this info. (Uncomment appropriate authentication and update the key)
- Save and close.
- Now you need to start Cntlm proxy server.
net start cntlm - Now update the application with Cntlm proxy info. For Cntlm it is, 127.0.0.1:3128 (This info is in ini file. If you want it different change it there). In case of git
git config --global http.proxy 127.0.0.1:3128 - git should work fine through the proxy now.
- 下载并安装 Cntlm for windows。
- 打开 Cntlm.ini(它在安装文件夹中。)
- 更新用户名、域。保存。
cntlm -I -M http://google.com从命令行运行。- Cntlm 将询问您将用于代理服务器的密码。给它。(很可能是您的 Windows 密码)
- Cntlm 将识别身份验证方法并生成密钥。拿起那个结果。(例如 NTLMv2 77B9081511704EE852F94227CF48A793)
- 使用此信息更新 Cntlm.ini。(取消注释适当的身份验证并更新密钥)
- 保存并关闭。
- 现在您需要启动 Cntlm 代理服务器。
net start cntlm - 现在使用 Cntlm 代理信息更新应用程序。对于 Cntlm,它是 127.0.0.1:3128(此信息在 ini 文件中。如果您希望它不同,请在那里更改)。在 git 的情况下
git config --global http.proxy 127.0.0.1:3128 - git 现在应该可以通过代理正常工作。
Good luck! Elaborate steps here.
祝你好运!详细步骤在这里。
回答by JonT
With mysysgit 1.9.5 (or perhaps earlier versions too, but untested) you can do it without embedding username and password in plain text config file on disk.
使用 mysysgit 1.9.5(或者也可能是更早的版本,但未经测试),您无需在磁盘上的纯文本配置文件中嵌入用户名和密码即可完成此操作。
git client using GSSAPI for NTLM proxy authentication
使用 GSSAPI 进行 NTLM 代理身份验证的 git 客户端
And this does not require cntlm.
而这不需要cntlm。
回答by Nelson
Option http.proxyworks perfectly fine for NTLM proxy on windows, check my following answer in a similar question:
Optionhttp.proxy对于 Windows 上的 NTLM 代理非常有效,请在类似问题中查看我的以下答案:
