Hello Happy people, I'm cross-posting this to tomcat and archiva.

In our company we have a well-established Active Directory infrastructure. I'm running an Apache Archiva 1.3.1 installation in Tomcat 6, on Solaris 10. The OS has been Kerberos enabled and I would very much like to make use of this for Tomcat/Archiva in order to provide secure authenticated access to it.

We need to provide secure and scalable authentication. Thus, everything else has been ruled out:

* No authentication -- not good, because we need some form of auditing on who uploaded/deployed what (i.e.: who broke it)
* SSH/SCP doesn't scale from an administration point of view (i.e.: we'd have to do something. That could be done wrong, forgotten about or any number of things when people have to do mundane tasks)
* Basic authentication -- not so good from an admin's point of view, because clear-text passwords are stored in a Developer's settings.xml. Not so good from a developer's point of view, because s/he has to change their password in settings.xml every month or so.

(sic)

Given the lack of (official) documentation:

http://www.google.com/search?hl=en&sitesearch=tomcat.apache.org&q=kerberos+OR+krb&aq=f&aqi=&aql=&oq=&gs_rfai=
http://wiki.apache.org/tomcat/FrontPage?action=fullsearch&context=180&value=kerberos+krb&fullsearch=Text
http://www.google.at/search?client=opera&rls=en&q=site:archiva.apache.org+kerberos+OR+krb&sourceid=opera&ie=utf-8&oe=utf-8
http://www.google.com/search?hl=en&domains=cwiki.apache.org%2FARCHIVA&sitesearch=cwiki.apache.org%2FARCHIVA&q=kerberos+OR+krb&sitesearch=cwiki.apache.org%2FARCHIVA&aq=f&aqi=&aql=&oq=&gs_rfai=

I was wondering if that's even remotely in scope of either Project. It seems fairly simple to integrate Tomcat into a Kerberos Infrastructure (although I haven't had the time to do this so far), the question that remains unanswered to me is how to make Archiva profit from such integration.

I appreciate any kind of feedback from people who similarly are stuck between a rock and a hard place, and even more so from those who have a sensible solution :)

So long,
i

--
Igor Galić
Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/