tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dB. <dbl...@dblock.org>
Subject RE: Kerberos authentication
Date Fri, 15 Oct 2010 12:51:18 GMT
Jump :) Waffle is windows-only and it seems like this is a Solaris implementation. I have some
good news though. Someone just uploaded a big patch for a windows authentication provider
that uses JCIFs (which does Kerberos and more), which works on top of Samba on *nix.

dB. @ dblock.org 
Moscow|Geneva|Seattle|New York



-----Original Message-----
From: Pid [mailto:pid@pidster.com] 
Sent: Monday, October 11, 2010 3:27 AM
To: Tomcat Users List
Subject: Re: Kerberos authentication

On 11/10/2010 07:45, Igor Galić wrote:
> 
> Hello Happy people,
> 
> I'm cross-posting this to tomcat and archiva.
> 
> In our company we have a well established Active Directory 
> infrastructure,
> 
> I'm running an Apache Archiva 1.3.1 installation in Tomcat 6, on Solaris 10.
> The OS has been Kerberos enabled and I would very much like to make 
> use of this for Tomcat/Archiva in order to provide secure 
> authenticated access to it.
> We need to provide secure and scalable authentication.
> Thus, everything else has been ruled out:
> 
> * No authentication -- not good, because we need some form of auditing 
> on who uploaded/deployed what (i.e.: who broke it)
> 
> * SSH/SCP doesn't scale from an administration point of view
> (i.e.: we'd have to do something. That could be done wrong, forgotten 
> about or any number of things when people have to do mundane tasks)
> 
> * Basic authentication -- not so good from an admin's point of view, 
> because clear-text passwords are stored in a Developer's settings.xml. 
> Not so good from a developer's point of view, because s/he has to 
> change their password in settings.xml every month or so. (sic)
> 
> Given the lack of (official) documentation:
> http://www.google.com/search?hl=en&sitesearch=tomcat.apache.org&q=kerb
> eros+OR+krb&aq=f&aqi=&aql=&oq=&gs_rfai=
> http://wiki.apache.org/tomcat/FrontPage?action=fullsearch&context=180&
> value=kerberos+krb&fullsearch=Text
> http://www.google.at/search?client=opera&rls=en&q=site:archiva.apache.
> org+kerberos+OR+krb&sourceid=opera&ie=utf-8&oe=utf-8
> http://www.google.com/search?hl=en&domains=cwiki.apache.org%2FARCHIVA&
> sitesearch=cwiki.apache.org%2FARCHIVA&q=kerberos+OR+krb&sitesearch=cwi
> ki.apache.org%2FARCHIVA&aq=f&aqi=&aql=&oq=&gs_rfai=
> 
> I was wondering if that's even in remotely in scope of either Project.
> It seems fairly simple to integrate Tomcat into a Kerberos 
> Infrastructure (although I haven't had the time to do this so far), 
> the question that remains unanswered to me is how to make Archiva 
> profit from such integration.
> 
> I appreciate any kind of feedback from people who similarily are stuck 
> between a rock and a hard place, and even more so from those who have 
> a sensible solution :)
> 
> So long,
> i
> 

Try http://waffle.codeplex.com/.  The author lurks hereabouts & will jump in shortly,
no doubt.


p

Mime
View raw message