We are evaluating new SCM tools where I work. We have been using Git unofficially for some time. Recently an incedent caused some in management to demand that we stop using Git until we can solve the auditing whole. So we have been looking at solutions to integrate Active Directory with Git. I am wondering again about the audit trail of changes in our repository. As I understand it commits are logged on the local system without authentication. After some number of changes have been added to the local repository then these changes can be pushed to a central repository where authentication is required to be allowed to push the changes. Since the authentication happens later and in a different context there is nothing that ensures the author value of a commit is validated by active directory (or anything else).
Is my understanding correct?