On 11/10/2010 07:45, Igor Galić wrote: > > Hello Happy people, > > I'm cross-posting this to tomcat and archiva. > > In our company we have a well established Active Directory infrastructure, > > I'm running an Apache Archiva 1.3.1 installation in Tomcat 6, on Solaris 10. > The OS has been Kerberos enabled and I would very much like to make > use of this for Tomcat/Archiva in order to provide secure authenticated > access to it. > We need to provide secure and scalable authentication. > Thus, everything else has been ruled out: > > * No authentication -- not good, because we need some form of > auditing on who uploaded/deployed what (i.e.: who broke it) > > * SSH/SCP doesn't scale from an administration point of view > (i.e.: we'd have to do something. That could be done wrong, > forgotten about or any number of things when people have to do > mundane tasks) > > * Basic authentication -- not so good from an admin's point > of view, because clear-text passwords are stored in a > Developer's settings.xml. Not so good from a developer's > point of view, because s/he has to change their password > in settings.xml every month or so. (sic) > > Given the lack of (official) documentation: > http://www.google.com/search?hl=en&sitesearch=tomcat.apache.org&q=kerberos+OR+krb&aq=f&aqi=&aql=&oq=&gs_rfai= > http://wiki.apache.org/tomcat/FrontPage?action=fullsearch&context=180&value=kerberos+krb&fullsearch=Text > http://www.google.at/search?client=opera&rls=en&q=site:archiva.apache.org+kerberos+OR+krb&sourceid=opera&ie=utf-8&oe=utf-8 > http://www.google.com/search?hl=en&domains=cwiki.apache.org%2FARCHIVA&sitesearch=cwiki.apache.org%2FARCHIVA&q=kerberos+OR+krb&sitesearch=cwiki.apache.org%2FARCHIVA&aq=f&aqi=&aql=&oq=&gs_rfai= > > I was wondering if that's even in remotely in scope of > either Project. > It seems fairly simple to integrate Tomcat into a > Kerberos Infrastructure (although I haven't had the time > to do this so far), the question that remains unanswered > to me is how to make Archiva profit from such integration. > > I appreciate any kind of feedback from people who similarily > are stuck between a rock and a hard place, and even more so > from those who have a sensible solution :) > > So long, > i >
Try http://waffle.codeplex.com/. The author lurks hereabouts & will jump in shortly, no doubt. p
0x62590808.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
