2

I have a Windows 2008 R2 IIS7 server with Mercurial under HTTPS. I connect to the Mercurial Repositories using TortoiseHG and via the web interface. If I don't have my username and password in the .hgrc file, them I'm prompted for my domain credentials.

What I want, is to setup my Mercurial repositories security in such away that I do not have to supply credentials through a basic authentication prompt or via entering them in cleartext in my personal .hgrc file. The user access should be inferred by being logged into the domain on the computer I am working on.

Authentication setup:

  • Anonymous Authentication: Disabled
  • ASP.Net Impersonation: Disabled
  • Basic Authentication: Enabled
  • Forms Authentication: Disabled
  • Windows Authentication: Enabled

On the client side I have my credentials in my personal .hgrc:

[auth] 
tag.prefix = https://MercurialServer 
tag.username = Username 
tag.password = Password
Martin Geisler
  • 1,271
  • 9
  • 23
Ian McShane
  • 123
  • 1
  • 1
  • 4

1 Answers1

2

So, you're asking if TortoiseHG has support for authenticating to IIS using NTLM/Kerberos to pass the Windows Authentication mode in IIS? The answer is no; it uses the basic auth, which requires plaintext credentials, whether saved or entered.

If you were using an SSH-based protocol, it looks like there's some means to get it using GSSAPI for seamless windows auth via a supporting version of plink; food for thought.

Shane Madden
  • 114,520
  • 13
  • 181
  • 251
  • Hi Shane, you hit my suspicions right on the head. I did not think NTLM/Kereros would be supported... I will look into the the "food for thought"... If I get any form of success I will update this thread. On a completely different note, I wish I could put a line break in my comments. – Ian McShane Apr 07 '11 at 05:53
  • There is this extension: https://bitbucket.org/hstuart/hg-kerberos/ -- come talk to hstuart (I'm mg) on #mercurial at http://webchat.freenode.net/ – Martin Geisler Sep 06 '11 at 10:04