Authentication Settings
Out-of-the-box TeamCity Enterprise edition supports three Authentication Scheme:
Active authentication scheme is configured in the auth-type section of the main-config.xml file located in the <TeamCity data directory> /config directory, for example:
<auth-type> <!-- Active login module class, see below --> <login-module class="jetbrains.buildServer.serverSide.impl.auth.LDAPLoginModule" /> <!-- Welcome message displayed to users on login form --> <login-description>Welcome to TeamCity, your team building environment!</login-description> <!-- Whether anonymous "view-only" logins are allowed (true|false) --> <guest-login allowed="true" /> <!-- Allow users to self-register (only for modules which support this feature, e.g. DefaultLoginModule) (true|false) --> <free-registration allowed="false" /> </auth-type>
Authentication type is defined by the login module, welcome message and the possibility to use anonymous login. Built-in login modules are:
jetbrains.buildServer.serverSide.impl.auth.DefaultLoginModulefor Default Authenticationjetbrains.buildServer.serverSide.impl.auth.NTDomainLoginModulefor Windows Domain Authenticationjetbrains.buildServer.serverSide.impl.auth.LDAPLoginModulefor LDAP Authentication
Default Authentication
Configuration of <TeamCity data directory> /config/main-config.xml:
<auth-type> <login-module class="jetbrains.buildServer.serverSide.impl.auth.DefaultLoginModule" /> <!-- Welcome message displayed to users on login form --> <login-description>Welcome to TeamCity, your team building environment!</login-description> <!-- Whether anonymous "view-only" logins are allowed (true|false) --> <guest-login allowed="true" /> <!-- Allow users to self-register (only for modules which support this feature, e.g. DefaultLoginModule) (true|false) --> <free-registration allowed="true" /> </auth-type>
Users database is maintained by TeamCity. New users are added by TeamCity administrator (in administration area Users and Groups) or user are self-registered if <free-registration allowed="true" /> tag is specified.
Windows Domain Authentication
Configuration of <TeamCity data directory> /config/main-config.xml:
<auth-type> <login-module class="jetbrains.buildServer.serverSide.impl.auth.NTDomainLoginModule" /> <!-- Welcome message displayed to users on login form --> <login-description>Welcome to TeamCity, your team building environment!</login-description> <!-- Whether anonymous "view-only" logins are allowed (true|false) --> <guest-login allowed="true" /> </auth-type>
Windows Domain Authentication is supported if TeamCity server is installed under Windows 2000, Windows XP or Windows Server 2003, as well as NTAuthUnix.
Prior to TeamCity 3.1, all Windows domain users that can log on to the machine running TeamCity server can also log in to TeamCity using the same credentials.
To log in to TeamCity users should provide their user name in the form DOMAIN\user.name and their domain password. Since TeamCity 3.1 <username>@<domain> login name syntax is supported. It is also possible to log in using only a username if the domain is specified in ntlm.defaultDomain property of <TeamCity data directory> /config/ntlm-config.properties file.
Windows Domain Authentication on Unix-like Computers
TeamCity supports Windows Domain Authentication on Unix-like computers. For this to work, check the <TeamCity data directory> /config/ntlm-config.properties file and make sure the following line is commented out.
# ntlm.compatibilityMode=true
Please refer to the http://jcifs.samba.org/src/docs/api/ page for information about other supported properties.
LDAP Authentication
Please refer to the LDAP Integration.