tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Galić <>
Subject Kerberos authentication
Date Mon, 11 Oct 2010 06:45:59 GMT

Hello Happy people,

I'm cross-posting this to tomcat and archiva.

In our company we have a well established Active Directory infrastructure,

I'm running an Apache Archiva 1.3.1 installation in Tomcat 6, on Solaris 10.
The OS has been Kerberos enabled and I would very much like to make
use of this for Tomcat/Archiva in order to provide secure authenticated
access to it.
We need to provide secure and scalable authentication.
Thus, everything else has been ruled out:

* No authentication -- not good, because we need some form of
auditing on who uploaded/deployed what (i.e.: who broke it)

* SSH/SCP doesn't scale from an administration point of view
(i.e.: we'd have to do something. That could be done wrong,
forgotten about or any number of things when people have to do
mundane tasks)

* Basic authentication -- not so good from an admin's point
of view, because clear-text passwords are stored in a
Developer's settings.xml. Not so good from a developer's
point of view, because s/he has to change their password
in settings.xml every month or so. (sic)

Given the lack of (official) documentation:

I was wondering if that's even in remotely in scope of
either Project.
It seems fairly simple to integrate Tomcat into a
Kerberos Infrastructure (although I haven't had the time
to do this so far), the question that remains unanswered
to me is how to make Archiva profit from such integration.

I appreciate any kind of feedback from people who similarily
are stuck between a rock and a hard place, and even more so
from those who have a sensible solution :)

So long,

Igor Galić

Tel: +43 (0) 664 886 22 883

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message