{"id":17476862,"url":"https://github.com/ksurent/git-lfs-authenticate","last_synced_at":"2025-03-17T05:32:37.884Z","repository":{"id":57708704,"uuid":"73058373","full_name":"ksurent/git-lfs-authenticate","owner":"ksurent","description":"SSH authentication shim for git-lfs","archived":false,"fork":false,"pushed_at":"2018-11-13T09:19:02.000Z","size":9,"stargazers_count":7,"open_issues_count":1,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-08T19:45:10.957Z","etag":null,"topics":["authentication","git-lfs","lfs","ssh"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ksurent.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-11-07T08:40:40.000Z","updated_at":"2023-09-08T17:16:50.000Z","dependencies_parsed_at":"2022-09-09T22:21:58.411Z","dependency_job_id":null,"html_url":"https://github.com/ksurent/git-lfs-authenticate","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ksurent%2Fgit-lfs-authenticate","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ksurent%2Fgit-lfs-authenticate/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ksurent%2Fgit-lfs-authenticate/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ksurent%2Fgit-lfs-authenticate/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ksurent","download_url":"https://codeload.github.com/ksurent/git-lfs-authenticate/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243846984,"owners_count":20357297,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","git-lfs","lfs","ssh"],"created_at":"2024-10-18T19:13:22.219Z","updated_at":"2025-03-17T05:32:36.616Z","avatar_url":"https://github.com/ksurent.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# git-lfs-authenticate\n\nSSH authentication shim for git-lfs.\n\nThere are several reasons you might want to use this despite the fact that the\nspec recommends against using SSH:\n\n* You want to auth against a different host than your LFS server\n* You want to have password-less authentication\n    * Re-using existing SSH keys infrastructure\n    * Not wanting to store unencrypted passwords in memory (credentials cache)\n* You want to have authorisation based on LDAP group membership\n    * Re-using existing RBAC infrastructure\n\n## Installation\n\nBuild (```go build main.go ldap.go```; you may need to ```go get gopkg.in/ldap.v2``` and ```go get gopkg.in/ini.v1``` to resolve deps fist) and put somewhere inside PATH (e.g. /usr/local/bin/).\n\n## Configuration\n\nBy default git-lfs-authenticate reads its configuration data from\n/etc/git-lfs-authenticate.conf. You can override this by providing the\nGIT_LFS_AUTHENTICATE_CONFIG environment variable.\n\nThis repository contains a sample config file in example.conf. Check it out.\n\nBelow is a short explanation of every option:\n\n* Lfs.Url — address of LFS server in URL format\n* Lfs.User — shared username that will be used to talk to LFS on behalf of the user\n* Lfs.Password — password for the shared user\n\n* Ldap.Urls — comma–separated list of LDAP servers in URL format\n* Ldap.Groups — comma–separated list of LDAP groups\n* Ldap.Cacert — path to cacert.pem (for when using TLS)\n* Ldap.Base — base DN for LDAP searches\n\nLDAP servers are tried one–by–one in randomised order until either a match is\nfound or a fatal error occurs (e.g. user not found).\n\nThe list of LDAP groups is OR-ed, i.e. a membership in at least one of the\ngroups is sufficient.\n\nThe cacert file is optional. It’s still possible to use TLS without it but\nwithout hostname verification.\n\nIt is recommended that the system user used to talk to LFS is made low\nprivileged, not being able to log into your other servers and run commands\nthere.\n\n## Usage\n\nThis command will be invoked via the git-lfs client. See\n[the spec](https://github.com/github/git-lfs/tree/master/docs/api) for more\ndetails.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fksurent%2Fgit-lfs-authenticate","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fksurent%2Fgit-lfs-authenticate","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fksurent%2Fgit-lfs-authenticate/lists"}