Yes, it is a Maven question, but it relates to Archiva, and here is our use case: we set up our Archiva repository and use it as the proxy; the developer only gets the dependency jar from the Maven repository if our Archiva repository does not have it.
In order to access this Archiva repository through the Eclipse Maven plugin, the developer has to add this settings.xml in their local .m2 folder to include the username/password pair. This leaves some weak points:

1. Even though Archiva accepts an encrypted username/password, it is very clear to the attacker where to find the credentials; since we are using single sign-on, it might lead the attacker to gain full access to other resources.
2. Every time the developer changes the password in LDAP, they have to update this settings.xml to gain access to Archiva through the Eclipse Maven plugin.

We are looking at using LDAP authentication and successfully experimented with it in a test environment, but due to the above concern, and since there is no critical data on our Archiva server, we ended up not using LDAP authentication. If your solution can ease the first concern, we are glad to go ahead and implement LDAP authentication.

Yi

On 9/28/11 9:38 AM, "Tomas R" <[email protected]> wrote:

>On Wed, Sep 28, 2011 at 5:11 PM, Qian, Yi <[email protected]> wrote:
>
>> Hello
>>
>> Could you share how to handle the username/password in settings.xml in
>> user .m2/ folder?
>>
>> Yi
>>
>
>What exactly do you want to know? This is more of a Maven question [1].
>
>[1] http://maven.apache.org/settings.html#Servers
