We have just upgraded to the latest version of Archiva and I have a
couple of security questions.
1. In the previous release we added our archiva repository to our
~/.m2/settings.xml as a mirror.
<settings>
...
<mirrors>
<mirror>
<id>catchy</id>
<name>EBS Maven Repository Manager</name>
<url>http://<hostname>/archiva/repository/internal</url>
<mirrorOf>central</mirrorOf>
</mirror>
</mirrors>
...
</settings>
That way when you ran a mvn command it would try to download the plug-
in or resource from our archiva repository and proxy to the central
if needed. We were adding the guest account to the repository-
observer role, but we would like to stop doing that and make users
authenticate to use our archiva repository. What is the proper way
to set that up, so that when mvn runs it can still download from
archiva? It doesn't seem like the repository or mirror configuration
in the settings.xml allow you to setup a username/password, so I'm
not sure how this should be done.
2. Is there anyway to setup archiva to authenticate against an LDAP
directory, rather than the builit-in authentication scheme?
Thanks,
Joel Morris
