Jump :) Waffle is windows-only and it seems like this is a Solaris implementation. I have some good news though. Someone just uploaded a big patch for a windows authentication provider that uses JCIFs (which does Kerberos and more), which works on top of Samba on *nix.
dB. @ dblock.org Moscow|Geneva|Seattle|New York -----Original Message----- From: Pid [mailto:p...@pidster.com] Sent: Monday, October 11, 2010 3:27 AM To: Tomcat Users List Subject: Re: Kerberos authentication On 11/10/2010 07:45, Igor Galić wrote: > > Hello Happy people, > > I'm cross-posting this to tomcat and archiva. > > In our company we have a well established Active Directory > infrastructure, > > I'm running an Apache Archiva 1.3.1 installation in Tomcat 6, on Solaris 10. > The OS has been Kerberos enabled and I would very much like to make > use of this for Tomcat/Archiva in order to provide secure > authenticated access to it. > We need to provide secure and scalable authentication. > Thus, everything else has been ruled out: > > * No authentication -- not good, because we need some form of auditing > on who uploaded/deployed what (i.e.: who broke it) > > * SSH/SCP doesn't scale from an administration point of view > (i.e.: we'd have to do something. That could be done wrong, forgotten > about or any number of things when people have to do mundane tasks) > > * Basic authentication -- not so good from an admin's point of view, > because clear-text passwords are stored in a Developer's settings.xml. > Not so good from a developer's point of view, because s/he has to > change their password in settings.xml every month or so. (sic) > > Given the lack of (official) documentation: > http://www.google.com/search?hl=en&sitesearch=tomcat.apache.org&q=kerb > eros+OR+krb&aq=f&aqi=&aql=&oq=&gs_rfai= > http://wiki.apache.org/tomcat/FrontPage?action=fullsearch&context=180& > value=kerberos+krb&fullsearch=Text > http://www.google.at/search?client=opera&rls=en&q=site:archiva.apache. > org+kerberos+OR+krb&sourceid=opera&ie=utf-8&oe=utf-8 > http://www.google.com/search?hl=en&domains=cwiki.apache.org%2FARCHIVA& > sitesearch=cwiki.apache.org%2FARCHIVA&q=kerberos+OR+krb&sitesearch=cwi > ki.apache.org%2FARCHIVA&aq=f&aqi=&aql=&oq=&gs_rfai= > > I was wondering if that's even in remotely in scope of either Project. > It seems fairly simple to integrate Tomcat into a Kerberos > Infrastructure (although I haven't had the time to do this so far), > the question that remains unanswered to me is how to make Archiva > profit from such integration. > > I appreciate any kind of feedback from people who similarily are stuck > between a rock and a hard place, and even more so from those who have > a sensible solution :) > > So long, > i > Try http://waffle.codeplex.com/. The author lurks hereabouts & will jump in shortly, no doubt. p