tomcat-users mailing list archives

From Igor Galić <i.ga...@brainsware.org>
Subject Kerberos authentication
Date Mon, 11 Oct 2010 06:45:59 GMT

Hello Happy people,

I'm cross-posting this to tomcat and archiva.

In our company we have a well established Active Directory infrastructure.

I'm running an Apache Archiva 1.3.1 installation in Tomcat 6, on Solaris 10.
The OS has been Kerberos enabled and I would very much like to make
use of this for Tomcat/Archiva in order to provide secure authenticated
access to it.
We need to provide secure and scalable authentication.
Thus, everything else has been ruled out:

* No authentication -- not good, because we need some form of
auditing on who uploaded/deployed what (i.e.: who broke it)

* SSH/SCP doesn't scale from an administration point of view
(i.e.: we'd have to do something. That could be done wrong,
forgotten about or any number of things when people have to do
mundane tasks)

* Basic authentication -- not so good from an admin's point
of view, because clear-text passwords are stored in a
Developer's settings.xml. Not so good from a developer's
point of view, because s/he has to change their password
in settings.xml every month or so. (sic)

Given the lack of (official) documentation:
http://www.google.com/search?hl=en&sitesearch=tomcat.apache.org&q=kerberos+OR+krb&aq=f&aqi=&aql=&oq=&gs_rfai=
http://wiki.apache.org/tomcat/FrontPage?action=fullsearch&context=180&value=kerberos+krb&fullsearch=Text
http://www.google.at/search?client=opera&rls=en&q=site:archiva.apache.org+kerberos+OR+krb&sourceid=opera&ie=utf-8&oe=utf-8
http://www.google.com/search?hl=en&domains=cwiki.apache.org%2FARCHIVA&sitesearch=cwiki.apache.org%2FARCHIVA&q=kerberos+OR+krb&sitesearch=cwiki.apache.org%2FARCHIVA&aq=f&aqi=&aql=&oq=&gs_rfai=

I was wondering if that's even remotely in scope of
either project.
It seems fairly simple to integrate Tomcat into a
Kerberos Infrastructure (although I haven't had the time
to do this so far), the question that remains unanswered
to me is how to make Archiva profit from such integration.

I appreciate any kind of feedback from people who similarly
are stuck between a rock and a hard place, and even more so
from those who have a sensible solution :)

So long,
i

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/
