Configuring GIT on a server in a Windows / Active Directory environment

We're looking at configuring GIT for use by Windows clients in an Active Directory environment and I'm wondering what configurations people have had success with.

We've initially set up HTTPS/Apache with Basic authentication against AD. However, this requires that credentials be supplied for every push from the client. Would Kerberos be less painful?

I'm dubious about using SSH and private key pairs as it will increase the maintenance required by our IT team. Is there perhaps a way of tying a private key to an AD account in a way that it can be picked up automatically by git (some kind of AD-connected plink.exe replacement)?

I'm basically trying to minimise on-going pain for both the IT team and the developers. Am I wasting my time? Should I be looking at Mercurial instead?

To clarify: I have experience with Git on Windows with github as a remote and I love it. However, I'm happy to look at Mercurial (which I've used, but only a little) if it 开发者_高级运维means better authentication support under Windows.

What is actually the problem? Supplying credentials manually all the time?
It does not matter if you use Kerberos or an LDAP bind against AD, unless your client/server is unable to cache the credentials (e.g. with a session) every (subsequent) request has to be reauthenticated because HTTP is a stateless protocol in contrast to SSH. Though Kerberos would make this way easier in terms of configuration on the host and the client als long as the HTTP transport library of msysgit supports Negotiate with SPNEGO with SSPI or GSSAPI.

I seriously doubt that Mercurial would solve that problem because it does not perform any auth. Some library does for it.