Authentication Settings

Skip to end of metadata
Go to start of metadata
You are viewing documentation of TeamCity 5.x, which is not the most recent released version of TeamCity. Please refer to the listing to choose another version.
Search

Searching TeamCity 5.x Documentation

Table of Contents

Out-of-the-box TeamCity Enterprise edition supports three authentication schemes:

TeamCity Professional edition only supports TeamCity Default Authentication and does not support changing the authentication scheme.

Switching Authentication Scheme

To switch from one authentication scheme to another you need to edit <TeamCity data directory>/config/main-config.xml file on the server machine. Change the value of class attribute of <login-module> tag inside <auth-type> tag. Please restart the server after editing the file.

Please note that each authentication type maintains own list for users. This means that on switching from one authentication to another you start with no users (and no administrator) and will be prompted for administrator account on first TeamCity start after the authentication change . This also means that all the existing users will need to create their accounts and re-enter their settings anew.

if you are not prompted for administrator account on switching to a new scheme, this means this there are users in the scheme already. If there is no administrator account in this scheme, you can use http://<your_TeamCity_server>/setupAdmin.html URL to setup administrator account. If there is an administrator account in the current authentication scheme, the page is not available. Otherwise you need to remember the administrator account credentials. See also Changing user password with default authentication scheme.
Related feature requests in our tracker: TW-1964, TW-4524, TW-1681.

Supported values for class attribute are:

  • jetbrains.buildServer.serverSide.impl.auth.DefaultLoginModule for Default Authentication
  • jetbrains.buildServer.serverSide.impl.auth.NTDomainLoginModule for Windows Domain Authentication
  • jetbrains.buildServer.serverSide.impl.auth.LDAPLoginModule for LDAP Authentication
    Also, TeamCity plugins can provide additional authentication schemes.

Example of the relevant main-config.xml file section:

Default Authentication

Configuration of <TeamCity data directory>/config/main-config.xml:

Users database is maintained by TeamCity. New users are added by TeamCity administrator (in administration area section) or user are self-registered if <free-registration allowed="true" /> tag is specified.

Windows Domain Authentication

Configuration of <TeamCity data directory>/config/main-config.xml:

Windows Domain Authentication is supported if TeamCity server is installed under Windows 2000, Windows XP or Windows Server 2003, as well as under Unix-like OS.

Prior to TeamCity 3.1, all Windows domain users that can log on to the machine running TeamCity server can also log in to TeamCity using the same credentials.

To log in to TeamCity users should provide their user name in the form DOMAIN\user.name and their domain password. Since TeamCity 3.1 <username>@<domain> login name syntax is supported. It is also possible to log in using only a username if the domain is specified in ntlm.defaultDomain property of <TeamCity data directory>/config/ntlm-config.properties file.

Windows Domain Authentication on Unix-like Computers

TeamCity supports Windows Domain Authentication on Unix-like computers. For this to work, check the <TeamCity data directory>/config/ntlm-config.properties file and make sure the following line is commented out.

Please refer to the "Available Properties" section on http://jcifs.samba.org/src/docs/api/ page for information about other supported properties.

If you want to use the NT domain authentication available in TeamCity version prior to 3.1, ensure the line ntlm.compatibilityMode=true is present and not commented in the ntlm-config.properties file.

LDAP Authentication

Please refer to the corresponding section.




See Also:

Labels:

authentication authentication Delete
Enter labels to add to this page:
Wait Image 
Looking for a label? Just start typing.
  1. Mar 04, 2009

    Is it possible to change the authentication scheme of a running system?

    I installed teamcity, started up without ldap, then configured LDAP authentication, but could not figure out how to assign the administrator role to an LDAP user that had not yet registered. I had not yet configured too much things, so I just cleaned the database and got an administrator account. However, it would be nice if this page would describe that you have to setup LDAP before you do the initial login, or how to assign the administrator role.