github.com/git-lfs/git-lfs@v2.5.2+incompatible/docs/proposals/ntlm.md (about)

     1  # NTLM Authentication With Git-Lfs
     2  
     3  Enterprise users in a windows ecosystem are frequently required to use integrated auth. Basic auth does not meet their security requirements and setting up SSH on Windows is painful.
     4  
     5  There is an overview of NTLM at http://www.innovation.ch/personal/ronald/ntlm.html
     6  
     7  ### Implementation
     8  
     9  If the LFS server returns a "Www-Authenticate: NTLM" header, we will set lfs.{endpoint}.access to be ntlm and resubmit the http request. Subsequent requests will
    10  go through the ntlm auth flow.
    11  
    12  We will store NTLM credentials in the credential helper. When the user is prompted for their credentials they must use username:{DOMAIN}\{user} and password:{pass}
    13  
    14  The ntlm protocl will be handled by an ntlm.go class that hides the implementation of InitHandshake, Authenticate, and Challenge. This allows miminal changesto the existing
    15  client.go class.
    16  
    17  ### Tech
    18  
    19  There is a ntlm-go library available at https://github.com/ThomsonReutersEikon/go-ntlm that we can use. We will need to implementate the Negotiate method and publish docs on what NTLM switches we support. I think simple user/pass/domain is best here so we avoid supporting a million settings with conflicting docs.
    20  
    21  ### Work
    22  
    23  Before supporting this as a mainstream scenario we should investigate making the CI work on windows so that we can successfully test changes.
    24  
    25  ### More Info
    26  
    27  You can see a hacked-together implementation of git lfs push with NTLM at https://github.com/WillHipschman/git-lfs/tree/ntlm