We have found that any one can push to the lfs server even if no credential entered
or when we close write permission on lfs directory for certain group seems its not even depending on file system permission
only http
is there any way to force authentication so its not none as below

[user@test]$ git lfs env
git-lfs/1.1.1 (GitHub; linux amd64; go 1.5.3; git 7de0397)
git version 2.7.0

Endpoint=http://ip_address:port (auth=none)
LocalWorkingDir=

Kindly help

Adding of authentication is in TODO list for a long time, so yes, it grants access to everyone. It is time to fix it. I've just added support of PAM authentication. I will re-check this one more time tomorrow, and create a new release.

PAM is universal, so you'll be able to use any authentication method.

Also, take into account that Git LFS client uses HTTP Basic authentication, so it sends plain login:password to a server in every request. I would rather use https endpoint to secure credentials.

I've finally published the release with PAM authentication. Please, have a look.

Hi artemkin
I will test it and inform you thanks :)

Hi artemkin,

As we are currently implementing the old implementation
and your new one is working and authentication is fine :)

We have push around 200 GB of elements
if we started a new process at the same old path but with the new implementation will it impact the current objects and bare repository

Are you asking about backward compatibility? If so, yes, you can use a new version of LFS server with the existing repository.