tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dB. <>
Subject RE: Kerberos authentication
Date Fri, 15 Oct 2010 12:51:18 GMT
Jump :) Waffle is windows-only and it seems like this is a Solaris implementation. I have some
good news though. Someone just uploaded a big patch for a windows authentication provider
that uses JCIFs (which does Kerberos and more), which works on top of Samba on *nix.

dB. @ 
Moscow|Geneva|Seattle|New York

-----Original Message-----
From: Pid [] 
Sent: Monday, October 11, 2010 3:27 AM
To: Tomcat Users List
Subject: Re: Kerberos authentication

On 11/10/2010 07:45, Igor Galić wrote:
> Hello Happy people,
> I'm cross-posting this to tomcat and archiva.
> In our company we have a well established Active Directory 
> infrastructure,
> I'm running an Apache Archiva 1.3.1 installation in Tomcat 6, on Solaris 10.
> The OS has been Kerberos enabled and I would very much like to make 
> use of this for Tomcat/Archiva in order to provide secure 
> authenticated access to it.
> We need to provide secure and scalable authentication.
> Thus, everything else has been ruled out:
> * No authentication -- not good, because we need some form of auditing 
> on who uploaded/deployed what (i.e.: who broke it)
> * SSH/SCP doesn't scale from an administration point of view
> (i.e.: we'd have to do something. That could be done wrong, forgotten 
> about or any number of things when people have to do mundane tasks)
> * Basic authentication -- not so good from an admin's point of view, 
> because clear-text passwords are stored in a Developer's settings.xml. 
> Not so good from a developer's point of view, because s/he has to 
> change their password in settings.xml every month or so. (sic)
> Given the lack of (official) documentation:
> eros+OR+krb&aq=f&aqi=&aql=&oq=&gs_rfai=
> value=kerberos+krb&fullsearch=Text
> org+kerberos+OR+krb&sourceid=opera&ie=utf-8&oe=utf-8
> I was wondering if that's even in remotely in scope of either Project.
> It seems fairly simple to integrate Tomcat into a Kerberos 
> Infrastructure (although I haven't had the time to do this so far), 
> the question that remains unanswered to me is how to make Archiva 
> profit from such integration.
> I appreciate any kind of feedback from people who similarily are stuck 
> between a rock and a hard place, and even more so from those who have 
> a sensible solution :)
> So long,
> i

Try  The author lurks hereabouts & will jump in shortly,
no doubt.


View raw message