[
http://jira.codehaus.org/browse/MNG-4602?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Benjamin Bentmann moved MDEPLOY-119 to MNG-4602:
------------------------------------------------
Complexity: Intermediate
Component/s: (was: deploy:deploy)
Settings
Artifacts and Repositories
Affects Version/s: (was: 2.5)
Key: MNG-4602 (was: MDEPLOY-119)
Project: Maven 2 & 3 (was: Maven 2.x Deploy Plugin)
> Allow pluggable authentication (using JAAS ?) so that the username and
> password to connect to a deployment repository can be generated by a Single
> Sign On-enabled client
> -------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: MNG-4602
> URL: http://jira.codehaus.org/browse/MNG-4602
> Project: Maven 2 & 3
> Issue Type: New Feature
> Components: Artifacts and Repositories, Settings
> Reporter: David Boden
> Priority: Minor
>
> The username and password used to authenticate with the remote repository
> during deployment are stored in the user's settings.xml under the <servers/>
> structure. This structure allows a username and password to be specified, or
> for a .ssh private key to be specified.
> It does not allow for pluggable single sign on, where a Java module (perhaps
> a JAAS LoginModule) is available on the client to generate a token in place
> of a password. Many corporates use this technique for other web applications,
> generating an LDAP token from the user's PC and verifying it against an LDAP
> server on the server side. It adds security by removing the need to pass the
> user's password over the wire.
> This Jira is a request for a pluggable entry point for this single sign on
> module, perhaps by specifying a class name in the <server/> structure or by
> setting a system property. The solution could either define a new interface
> which Authentication Providers must implement or can use existing interfaces
> from JAAS, (Http) Authenticator or other frameworks.
> Please feel free to move this item to the "Maven Wagon" component if you feel
> that's the best place to implement the feature. Alternatively, please also
> feel free to move to the generic "Maven 2&3" component if you think that the
> feature has wider scope than just deployment; perhaps to also authenticate
> using Single Sign On with an internal company's repository when *downloading*
> artifacts (as well as uploading).
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
