archiva-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joel Morris <joel.mor...@theebsgroup.com>
Subject Security Question
Date Thu, 30 Aug 2007 20:16:20 GMT
We have just upgraded to the latest version of Archiva and I have a  
couple of security questions.

1. In the previous release we added our archiva repository to our  
~/.m2/settings.xml as a mirror.

<settings>
...
   <mirrors>
     <mirror>
       <id>catchy</id>
       <name>EBS Maven Repository Manager</name>
       <url>http://<hostname>/archiva/repository/internal</url>
       <mirrorOf>central</mirrorOf>
     </mirror>
   </mirrors>
...
</settings>

That way when you ran a mvn command it would try to download the plug- 
in or resource from our archiva repository and proxy to the central  
if needed. We were adding the guest account to the repository- 
observer role, but we would like to stop doing that and make users  
authenticate to use our archiva repository.  What is the proper way  
to set that up, so that when mvn runs it can still download from  
archiva?  It doesn't seem like the repository or mirror configuration  
in the settings.xml allow you to setup a username/password, so I'm  
not sure how this should be done.

2. Is there anyway to setup archiva to authenticate against an LDAP  
directory, rather than the builit-in authentication scheme?

Thanks,


Joel Morris

Mime
View raw message