SSH authentication shim for git-lfs
There are several reasons you might want to use this despite the fact that the
spec recommends against using SSH:
Build with go build main.go ldap.go (you may first need to run go get gopkg.in/ldap.v2 and go get gopkg.in/ini.v1 to resolve dependencies), then put the binary somewhere inside PATH (e.g. /usr/local/bin/).
By default git-lfs-authenticate reads its configuration data from
/etc/git-lfs-authenticate.conf. You can override this by providing the
GIT_LFS_AUTHENTICATE_CONFIG environment variable.
This repository contains a sample config file in example.conf. Check it out.
Below is a short explanation of every option:
Lfs.Password — password for the shared user
Ldap.Urls — comma-separated list of LDAP servers in URL format
LDAP servers are tried one-by-one in randomised order until either a match is
found or a fatal error occurs (e.g. user not found).
The list of LDAP groups is OR-ed, i.e. a membership in at least one of the
groups is sufficient.
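The server failover and group check described above, as an added Go example (not this repository's code): the LDAP query is replaced by a hypothetical LookupFunc, and the error names, URLs and group names are constructed. It assumes an unreachable server is the only non-fatal error and that the first server to answer is authoritative.

```go
package main

import (
	"errors"
	"fmt"
	"math/rand"
	"strings"
)

// Hypothetical error classes; the names are assumptions made for this example.
var ErrUnreachable = errors.New("ldap: server unreachable") // transient, try next server
var ErrUserNotFound = errors.New("ldap: user not found")    // fatal, stop and deny

// LookupFunc stands in for the real LDAP bind and search; it returns the user's groups.
type LookupFunc func(url, user string) ([]string, error)

// Authorize tries the servers in random order and fails closed if none answers.
func Authorize(urls string, allowed []string, user string, lookup LookupFunc) (bool, error) {
	servers := strings.Split(urls, ",")
	rand.Shuffle(len(servers), func(i, j int) { servers[i], servers[j] = servers[j], servers[i] })
	for _, s := range servers {
		groups, err := lookup(strings.TrimSpace(s), user)
		if errors.Is(err, ErrUnreachable) {
			continue // transient failure: move on to the next server
		}
		if err != nil {
			return false, err // fatal (e.g. user not found): do not ask other servers
		}
		for _, g := range groups { // OR semantics: one allowed group is enough
			for _, a := range allowed {
				if g == a {
					return true, nil
				}
			}
		}
		return false, nil // user exists but is in none of the allowed groups
	}
	return false, fmt.Errorf("no LDAP server answered: %w", ErrUnreachable)
}

func main() {
	// Constructed directory: ldap1 is down, ldap2 puts every user in cn=lfs-users.
	dir := func(url, user string) ([]string, error) {
		if url == "ldaps://ldap1.example" {
			return nil, ErrUnreachable
		}
		return []string{"cn=lfs-users"}, nil
	}
	fmt.Println(Authorize("ldaps://ldap1.example, ldaps://ldap2.example", []string{"cn=lfs-admins", "cn=lfs-users"}, "alice", dir))
}
```

The final return denies access when every server is unreachable, so an LDAP outage never turns into an implicit allow.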
The cacert file is optional. Without it TLS can still be used, but without
hostname verification.
It is recommended that the system user used to talk to LFS be low-privileged
and unable to log into your other servers or run commands there.
This command will be invoked via the git-lfs client. See the spec for more
details.