Skip to end of metadata
Go to start of metadata
You are viewing documentation of TeamCity 6.5.x, which is not the most recent released version of TeamCity. Please refer to the listing to choose another version.

Table of Contents

Out-of-the-box TeamCity supports three authentication schemes:

Currently used authentication scheme is displayed on the Administration > Server Configuration page.

Switching Authentication Scheme

To switch from one authentication scheme to another you need to edit <TeamCity data directory>/config/main-config.xml file on the server machine. Change the value of class attribute of <login-module> tag inside <auth-type> tag.
Supported values for class attribute are:

  • jetbrains.buildServer.serverSide.impl.auth.DefaultLoginModule for Default Authentication
  • jetbrains.buildServer.serverSide.impl.auth.NTDomainLoginModule for Windows Domain Authentication
  • jetbrains.buildServer.serverSide.impl.auth.LDAPLoginModule for LDAP Authentication

Also, TeamCity plugins can provide additional authentication schemes. Please restart the server after editing the file.

Please note that each authentication type maintains own list for users. This means that on switching from one authentication to another you start with no users (and no administrator) and will be prompted for administrator account on first TeamCity start after the authentication change. This also means that all the existing users will need to create their accounts and re-enter their settings anew.

If you are not prompted for administrator account on switching to a new scheme, this means that there are users in the scheme already.
Please refer to How To...#Retrieve Administrator Password section for a resolution.

Example of the relevant main-config.xml file section:

Default Authentication

Configuration of <TeamCity data directory>/config/main-config.xml:

Users database is maintained by TeamCity. New users are added by TeamCity administrator (in administration area at the Users and Groups page) or user are self-registered if <free-registration allowed="true" /> tag is specified.

Windows Domain Authentication

Configuration of <TeamCity data directory>/config/main-config.xml:

To log in to TeamCity users should provide their user name in the form DOMAIN\ and their domain password. <username>@<domain> login name syntax is also supported.

It is also possible to log in using only a username if the domain is specified in ntlm.defaultDomain property of <TeamCity data directory>/config/ file.

TeamCity uses JCIFS library for the Windows domain login functionality. The library is configured using the properties specified in file:
<TeamCity data directory>/config/ Changes to the file take effect immediately without server restart.

If default settings does not work for your environment, please refer to for all available configuration properties.
If the library does not find domain controller to authenticate against, consider adding jcifs.netbios.wins property in the file with address of your WINS server. For other domain services locating properties, see

TeamCity supports Windows Domain Authentication on Unix-like computers. For this to work, check the <TeamCity data directory>/config/ file and make sure the following line is not present or commented out.

LDAP Authentication

Please refer to the corresponding section.

See also: