diff --git a/app/models/build_list.rb b/app/models/build_list.rb index d3af2ffa6..981cde909 100644 --- a/app/models/build_list.rb +++ b/app/models/build_list.rb @@ -322,7 +322,7 @@ class BuildList < ActiveRecord::Base id, include_repos, priority, - project.git_project_address + project.git_project_address(user) ) end @status @@ -443,7 +443,7 @@ class BuildList < ActiveRecord::Base :time_living => 43200, # 12 hours :distrib_type => build_for_platform.distrib_type, # :git_project_address => 'https://abf.rosalinux.ru/server/gnome-settings-daemon.git', - :git_project_address => project.git_project_address, + :git_project_address => project.git_project_address(user), # :commit_hash => 'fbb2549e44d97226fea6748a4f95d1d82ffb8726', :commit_hash => commit_hash, :build_requires => build_requires, diff --git a/app/models/project.rb b/app/models/project.rb index 7fb0a55ac..6325616e9 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -117,10 +117,11 @@ class Project < ActiveRecord::Base owner == user end - def git_project_address + def git_project_address auth_user host ||= EventLog.current_controller.request.host_with_port rescue ::Rosa::Application.config.action_mailer.default_url_options[:host] protocol = APP_CONFIG['mailer_https_url'] ? "https" : "http" rescue "http" - Rails.application.routes.url_helpers.project_url(self.owner.uname, self.name, :host => host, :protocol => protocol) + ".git" + opts = {:host => host, :protocol => protocol, :user => auth_user.authentication_token, :password => ''} + Rails.application.routes.url_helpers.project_url(self.owner.uname, self.name, opts) + ".git" #path #share by NFS end diff --git a/app/models/user.rb b/app/models/user.rb index b640134ed..ab277c086 100644 --- a/app/models/user.rb +++ b/app/models/user.rb 
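Review bot: The `:git_project_address` entry in this hash now carries `user`'s authentication token in the userinfo part of the URL, so every place the hash is serialized, queued or logged ends up holding a reusable credential; the call in the first hunk (`@@ -322`) has the same effect. If `user` can be nil for a build list, which is not visible here, `git_project_address(user)` will raise on `auth_user.authentication_token`. I would add a comment next to both calls such as `# URL embeds the user's auth token: never log or display this value`, and check that consumers of this payload mask the userinfo before printing the address. Both enclosing methods start and end outside the hunks.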
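Review bot: `git_project_address` puts `auth_user.authentication_token` into the URL while `protocol` can still fall back to `"http"`, so the token may travel in cleartext as Basic-auth credentials; the method should add credentials only when the protocol is https, e.g. `opts.merge!(:user => auth_user.authentication_token, :password => '') if protocol == "https"`. The new required argument is also dereferenced without a nil check, so a nil `auth_user` becomes a `NoMethodError` rather than a clear error. Since the user.rb change in this commit accepts the token alone as a login, it appears to be a long-lived, account-wide secret; a per-build or read-only credential would limit the damage if one of these URLs leaks.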
@@ -86,8 +86,13 @@ class User < Avatar class << self def find_for_database_authentication(warden_conditions) conditions = warden_conditions.dup + login = conditions.delete(:login) - where(conditions).where(["lower(uname) = :value OR lower(email) = :value", { :value => login.downcase }]).first + pass = conditions.delete(:pass) + user = User.where(conditions).where(:authentication_token => login).first || + User.where(conditions).where(["lower(uname) = :value OR lower(email) = :value", { :value => login.downcase}]).first + return user if !user.access_locked? and (user.authentication_token == login or user.valid_password?(pass)) + nil end def new_with_session(params, session) diff --git a/config/application.rb b/config/application.rb index b6e82755f..13f0a15c1 100644 --- a/config/application.rb +++ b/config/application.rb @@ -51,7 +51,7 @@ module Rosa config.encoding = "utf-8" # Configure sensitive parameters which will be filtered from the log file. - config.filter_parameters += [:password, :secret] + config.filter_parameters += [:password, :secret, :authentication_token] # Enable the asset pipeline config.assets.enabled = true diff --git a/lib/plugins/grack/auth.rb b/lib/plugins/grack/auth.rb index 598dd11a1..4b2f14385 100644 --- a/lib/plugins/grack/auth.rb +++ b/lib/plugins/grack/auth.rb @@ -12,7 +12,7 @@ module Grack return render_not_found if project.blank? return ::Rack::Auth::Basic.new(@app) do |u, p| - user = User.find_for_database_authentication(:login => u) and !user.access_locked? and user.valid_password?(p) and + user = User.find_for_database_authentication({:login => u, :pass => p}) and ability = ::Ability.new(user) and ability.can?(action, project) # project.members.include?(user) end.call(env) unless project.public? and read? # need auth end
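Review bot: `user` is nil when neither query matches, so `user.access_locked?` on the `return user if …` line raises `NoMethodError` for an unknown login instead of returning nil as the old `.first` did. A blank `login` is also unguarded: `where(:authentication_token => login)` with a nil login would select a user whose token is NULL, and the `user.authentication_token == login` comparison would then succeed. I would add `return nil if login.blank?` after the `delete` calls and write the final check as `return user if user && !user.access_locked? && (user.authentication_token == login || user.valid_password?(pass))`. Callers that pass no `:pass` key (the Devise hook is normally called with only the login conditions, though that caller is not shown here) now get nil for a uname/email login, which is worth confirming against the web sign-in flow.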
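Review bot: Adding `:authentication_token` to `filter_parameters` only masks request parameters with that name; the token introduced by this commit travels inside the `git_project_address` URL and in the HTTP Basic `Authorization` header, and neither is covered by this list. A comment on this line such as `# filters params by name only; tokens embedded in URLs must be masked where they are logged` would keep the limitation visible. It would also be worth checking whether any logged parameter or job payload contains the full clone URL.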
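Review bot: The block can no longer tell whether `user` was authenticated by password or by token, and `find_for_database_authentication` now accepts the token with any password, so a token that was handed out in a clone URL authorizes every `action` that `ability.can?` allows, presumably including pushes. Consider having the lookup report how the user authenticated and permitting token logins only when `read?` is true. Failed Basic-auth attempts are also neither counted nor logged in the visible lines, which matters more now that a single value is enough to authenticate. The enclosing method starts and ends outside the hunk.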