github.com/saracen/git-lfs@v2.5.2+incompatible/docs/proposals/ntlm.md (about) 1 # NTLM Authentication With Git-Lfs 2 3 Enterprise users in a windows ecosystem are frequently required to use integrated auth. Basic auth does not meet their security requirements and setting up SSH on Windows is painful. 4 5 There is an overview of NTLM at http://www.innovation.ch/personal/ronald/ntlm.html 6 7 ### Implementation 8 9 If the LFS server returns a "Www-Authenticate: NTLM" header, we will set lfs.{endpoint}.access to be ntlm and resubmit the http request. Subsequent requests will 10 go through the ntlm auth flow. 11 12 We will store NTLM credentials in the credential helper. When the user is prompted for their credentials they must use username:{DOMAIN}\{user} and password:{pass} 13 14 The ntlm protocl will be handled by an ntlm.go class that hides the implementation of InitHandshake, Authenticate, and Challenge. This allows miminal changesto the existing 15 client.go class. 16 17 ### Tech 18 19 There is a ntlm-go library available at https://github.com/ThomsonReutersEikon/go-ntlm that we can use. We will need to implementate the Negotiate method and publish docs on what NTLM switches we support. I think simple user/pass/domain is best here so we avoid supporting a million settings with conflicting docs. 20 21 ### Work 22 23 Before supporting this as a mainstream scenario we should investigate making the CI work on windows so that we can successfully test changes. 24 25 ### More Info 26 27 You can see a hacked-together implementation of git lfs push with NTLM at https://github.com/WillHipschman/git-lfs/tree/ntlm