Need help resolving deployment issues

[Mykel Alvis <my...@weirdness.com>]

The following elements of my situation are completely non-negotiable:
1. over 200 developers, some internal to the enterprise and some outside the
enterprise network and allowed access only to DMZ hosts
2. Maven was chosen as the build system (hence my presence here), and
Subversion as the SCM tool
3. Windows Server 2003 R2 Active Directory (NTLM) is specified as the
authentication mechanism, with a one-way trusted domain controller doing the
DMZ authentication for external users
4. All access to internal systems (which means SCM and repositories, both
read and write) must be encrypted
5. All access to internal systems must be authenticated via NTLM.
6. External users (contractors and offshore workers) are not allowed access
to the internal network, so the SCM and Maven repos must live in the DMZ or
at least be accessible within the DMZ.

The negotiable elements of my situation:
7. Proximity as the maven proxy
8. Deployment method is negotiable, but is constrained by #4 & #5 above

My issue:

How do I deploy?

File is out, as providing an external share is an unacceptable security risk
FTP is out for requnacceptable for security reasons
SCP would require a different authentication mechanism than using
NTLM/Windows AD
The DAV wagon apparently does not work with NTLM authentication out of the
box although I am working on this.

Any suggestions?

It's possible that Apache or IIS DAV would do the job if I knew the
super-secret method for making the SSL/NTLM authentication combo-of-doom
work, but so far I haven't been able to make that happen.

I'm not at the end of my rope, but I can see the knot at the end of it.
Quitting is not an option at this point. :)
Any constructive help would be appreciated.

Mykel

Re: Need help resolving deployment issues

[Tamás Cservenák <t....@gmail.com>]

Hi,

Proximity's WebDAV adapter is just finished in SVN last night :)
IF you deploy from Maven only (will not mount it as a volume in
windows, since current implementation have some M$ related issues due
to buggy namespace handling of webfolders...) -- it should work.

Altough i'm going for 1.0.0, there could be some RC5 release that
supports WebDAV but have no all 1.0.0 release targeted issues
resolved...

So, one of the solutions could be: proxy the Proximity instance with
Apache 2.0, it works very vell with ADS as auth source (using LDAP
module).

And finally, use BASIC + HTTPS since it offers high enough security:
paswd is plain, but travels on TLS, so it is protected by the channel
itself.

Protect the whole proximity or just the DAV iface of it as you like --
apache + ADS gives you a lot of choices :)


Have fun!
~t~

On 9/15/06, Mykel Alvis <my...@weirdness.com> wrote:
> The following elements of my situation are completely non-negotiable:
> 1. over 200 developers, some internal to the enterprise and some outside the
> enterprise network and allowed access only to DMZ hosts
> 2. Maven was chosen as the build system (hence my presence here), and
> Subversion as the SCM tool
> 3. Windows Server 2003 R2 Active Directory (NTLM) is specified as the
> authentication mechanism, with a one-way trusted domain controller doing the
> DMZ authentication for external users
> 4. All access to internal systems (which means SCM and repositories, both
> read and write) must be encrypted
> 5. All access to internal systems must be authenticated via NTLM.
> 6. External users (contractors and offshore workers) are not allowed access
> to the internal network, so the SCM and Maven repos must live in the DMZ or
> at least be accessible within the DMZ.
>
> The negotiable elements of my situation:
> 7. Proximity as the maven proxy
> 8. Deployment method is negotiable, but is constrained by #4 & #5 above
>
> My issue:
>
> How do I deploy?
>
> File is out, as providing an external share is an unacceptable security risk
> FTP is out for requnacceptable for security reasons
> SCP would require a different authentication mechanism than using
> NTLM/Windows AD
> The DAV wagon apparently does not work with NTLM authentication out of the
> box although I am working on this.
>
> Any suggestions?
>
> It's possible that Apache or IIS DAV would do the job if I knew the
> super-secret method for making the SSL/NTLM authentication combo-of-doom
> work, but so far I haven't been able to make that happen.
>
> I'm not at the end of my rope, but I can see the knot at the end of it.
> Quitting is not an option at this point. :)
> Any constructive help would be appreciated.
>
> Mykel
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org