From 04a98505a4ab8f48aee22800fcac193d9367d0ae Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 29 Nov 2013 11:05:51 -0500
Subject: [PATCH] Refactor user services and separate authentication (issue-281)

---
 src/main/distrib/data/gitblit.properties | 98 ++++++++++---------------------------------------
 1 files changed, 20 insertions(+), 78 deletions(-)

diff --git a/src/main/distrib/data/gitblit.properties b/src/main/distrib/data/gitblit.properties
index 92427e5..edfa1c4 100644
--- a/src/main/distrib/data/gitblit.properties
+++ b/src/main/distrib/data/gitblit.properties
@@ -562,16 +562,7 @@
 web.projectsFile = ${baseFolder}/projects.conf

 # Either the full path to a user config file (users.conf)
-# OR the full path to a simple user properties file (users.properties)
 # OR a fully qualified class name that implements the IUserService interface.
-#
-# Alternative user services:
-# com.gitblit.LdapUserService
-# com.gitblit.RedmineUserService
-# com.gitblit.SalesforceUserService
-# com.gitblit.WindowsUserService
-# com.gitblit.PAMUserService
-# com.gitblit.HtpasswdUserService
 #
 # Any custom user service implementation must have a public default constructor.
 #
@@ -579,6 +570,25 @@
 # RESTART REQUIRED
 # BASEFOLDER
 realm.userService = ${baseFolder}/users.conf
+
+# Ordered list of external authentication providers which will be used if
+# authentication against the local user service fails.
+#
+# Valid providers are:
+#
+# htpasswd
+# ldap
+# pam
+# redmine
+# salesforce
+# windows
+
+# e.g. realm.authenticationProviders = htpasswd windows
+#
+# SINCE 1.4.0
+# RESTART REQUIRED
+# SPACE-DELIMITED
+realm.authenticationProviders =

 # How to store passwords.
 # Valid values are plain, md5, or combined-md5. md5 is the hash of password.
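Review bot: The comment added for `realm.authenticationProviders` never says what the empty shipped default means, and the bare `+` line between `# windows` and `# e.g. realm.authenticationProviders = htpasswd windows` detaches the provider list from the key it documents. Change that blank line to `#` and state the empty case, e.g. `# An empty value disables external authentication; only local accounts can log in.` (inferred from the "used if authentication against the local user service fails" wording, so confirm against the implementation). Since the first hunk drops the `com.gitblit.*UserService` class names from the `realm.userService` comment and later hunks delete every `realm.*.backingUserService` key, a line telling upgraders that those settings are replaced by this list would help; nothing visible in the diff says how an existing configuration that still names one of those classes is handled. The local-first ordering is also the reverse of what the removed `realm.htpasswd.overrideLocalAuthentication = true` offered, so it is worth noting that a leftover local password on an externally managed account may still be accepted.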
@@ -1331,15 +1341,6 @@
 # SINCE 1.3.0
 realm.container.autoCreateAccounts = false

-# The WindowsUserService must be backed by another user service for standard user
-# and team management.
-# default: users.conf
-#
-# RESTART REQUIRED
-# BASEFOLDER
-# SINCE 1.3.0
-realm.windows.backingUserService = ${baseFolder}/users.conf
-
 # Allow or prohibit Windows guest account logins
 #
 # SINCE 1.3.0
@@ -1357,29 +1358,11 @@
 # SINCE 1.3.0
 realm.windows.defaultDomain =

-# The PAMUserService must be backed by another user service for standard user
-# and team management.
-# default: users.conf
-#
-# RESTART REQUIRED
-# BASEFOLDER
-# SINCE 1.3.1
-realm.pam.backingUserService = ${baseFolder}/users.conf
-
 # The PAM service name for authentication.
 # default: system-auth
 #
 # SINCE 1.3.1
 realm.pam.serviceName = system-auth
-
-# The HtpasswdUserService must be backed by another user service for standard user
-# and team management and attributes. This can be one of the local Gitblit user services.
-# default: users.conf
-#
-# RESTART REQUIRED
-# BASEFOLDER
-# SINCE 1.3.2
-realm.htpasswd.backingUserService = ${baseFolder}/users.conf

 # The Apache htpasswd file that contains the users and passwords.
 # default: ${baseFolder}/htpasswd
@@ -1388,30 +1371,6 @@
 # BASEFOLDER
 # SINCE 1.3.2
 realm.htpasswd.userfile = ${baseFolder}/htpasswd
-
-# Determines how accounts are looked up upon login.
-#
-# If set to false, then authentication for local accounts is done against
-# the backing user service.
-# If set to true, then authentication will first be checked against the
-# htpasswd store, even if the account appears as a local account in the
-# backing user service. If the user is found in the htpasswd store, then
-# an already existing local account will be turned into an external account.
-# In this case an initial local password is never used and gets overwritten
-# by the externally stored password upon login.
-# default: false
-#
-# SINCE 1.3.2
-realm.htpasswd.overrideLocalAuthentication = false
-
-# The SalesforceUserService must be backed by another user service for standard user
-# and team management.
-# default: users.conf
-#
-# RESTART REQUIRED
-# BASEFOLDER
-# SINCE 1.3.0
-realm.salesforce.backingUserService = ${baseFolder}/users.conf

 # Restrict the Salesforce user to members of this org.
 # default: 0 (i.e. do not check the Org ID)
@@ -1438,15 +1397,6 @@
 #
 # SINCE 1.0.0
 realm.ldap.password = password
-
-# The LdapUserService must be backed by another user service for standard user
-# and team management.
-# default: users.conf
-#
-# SINCE 1.0.0
-# RESTART REQUIRED
-# BASEFOLDER
-realm.ldap.backingUserService = ${baseFolder}/users.conf

 # Delegate team membership control to LDAP.
 #
@@ -1565,14 +1515,6 @@
 # For MS Active Directory this may be sAMAccountName
 realm.ldap.uid = uid

-# The RedmineUserService must be backed by another user service for standard user
-# and team management.
-# default: users.conf
-#
-# RESTART REQUIRED
-# BASEFOLDER
-realm.redmine.backingUserService = ${baseFolder}/users.conf
-
 # URL of the Redmine.
 realm.redmine.url = http://example.com/redmine
@@ -1638,7 +1580,7 @@
 #
 # SINCE 1.4.0
 # RESTART REQUIRED
-server.redirectToHttpsPort = true
+server.redirectToHttpsPort = false

 # Specify the interface for Jetty to bind the standard connector.
 # You may specify an ip or an empty value to bind to all interfaces.
-- 
Gitblit v1.9.1
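Review bot: `server.redirectToHttpsPort = false` flips a transport default in a commit whose subject is only about user services and authentication, so it may be an unintended inclusion. Judging by the key name, with `false` a client that reaches the plain-HTTP connector is no longer sent to the HTTPS port, which would leave web logins and Git-over-HTTP credentials in cleartext wherever both connectors are enabled. If the new default is intended, add a line to the key's comment block such as `# Set to true when the HTTP and HTTPS connectors are both enabled.`; otherwise keep `server.redirectToHttpsPort = true`. The comment block for this key starts above the hunk, so its documented default cannot be checked from here.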