Configuring Authentication Settings
Out-of-the-box TeamCity supports three Authentication Scheme:
Currently used authentication scheme is displayed on the Administration | Global Settings page.
Switching Authentication Scheme
To switch from one authentication scheme to another you need to edit <TeamCity data directory> /config/main-config.xml file on the server machine. Change the value of class attribute of <login-module> tag inside <auth-type> tag. Supported values for class attribute are:
jetbrains.buildServer.serverSide.impl.auth.DefaultLoginModulefor Default Authenticationjetbrains.buildServer.serverSide.impl.auth.NTDomainLoginModulefor Windows Domain Authenticationjetbrains.buildServer.serverSide.impl.auth.LDAPLoginModulefor LDAP Authentication
Also, TeamCity plugins can provide Custom Authentication Module. Please restart the server after editing the file.
Please note that each authentication type maintains own list for users. This means that on switching from one authentication to another you start with no users (and no administrator) and will be prompted for administrator account on first TeamCity start after the authentication change. This also means that all the existing users will need to create their accounts and re-enter their settings anew.
If you are not prompted for administrator account on switching to a new scheme, this means that there are users in the scheme already. Please refer to How To... section for a resolution.
Example of the relevant main-config.xml file section:
<auth-type> <!-- Active login module class, see below --> <login-module class="jetbrains.buildServer.serverSide.impl.auth.LDAPLoginModule" /> <!-- Welcome message displayed to users on login form --> <login-description>Welcome to TeamCity, your team building environment!</login-description> <!-- Whether anonymous "view-only" logins are allowed (true|false) --> <guest-login allowed="true" /> <!-- Allow users to self-register (only for modules which support this feature, e.g. DefaultLoginModule) (true|false) --> <free-registration allowed="false" /> </auth-type>
Default Authentication
Configuration of <TeamCity data directory> /config/main-config.xml:
<auth-type> <login-module class="jetbrains.buildServer.serverSide.impl.auth.DefaultLoginModule" /> <!-- Welcome message displayed to users on login form --> <login-description>Welcome to TeamCity, your team building environment!</login-description> <!-- Whether anonymous "view-only" logins are allowed (true|false) --> <guest-login allowed="true" /> <!-- Allow users to self-register (only for modules which support this feature, e.g. DefaultLoginModule) (true|false) --> <free-registration allowed="true" /> </auth-type>
Users database is maintained by TeamCity. New users are added by TeamCity administrator (in administration area at the Users page) or user are self-registered if <free-registration allowed="true" /> tag is specified.
Windows Domain Authentication
See also NTLM HTTP Authentication for transparent login withotu manual credentials entering: Single sign-on based on Windows domain authentication.
Configuration of <TeamCity data directory> /config/main-config.xml:
<auth-type> <login-module class="jetbrains.buildServer.serverSide.impl.auth.NTDomainLoginModule" /> <!-- Welcome message displayed to users on login form --> <login-description>Welcome to TeamCity, your team building environment!</login-description> <!-- Whether anonymous "view-only" logins are allowed (true|false) --> <guest-login allowed="true" /> </auth-type>
To log in to TeamCity users should provide their user name in the form DOMAIN\user.name and their domain password. <username>@<domain> login name syntax is also supported.
It is also possible to log in using only a username if the domain is specified in ntlm.defaultDomain property of <TeamCity data directory> /config/ntlm-config.properties file.
Since TeamCity 7.1 when running under Windows TeamCity server uses Waffle library for authentication by default. Under Linux, JCIFS library is used for the Windows domain login.
The following settings in <TeamCity data directory> /config/ntlm-config.properties file are obsolete and are not recommended for usage. Please comment them out and report any issues that you have with the configuration.
# ntlm.compatibilityMode=true # teamcity.ntlm.use.jcifs=true
jCIFS Library Specific Configuration
The library is configured using the properties specified in <TeamCity data directory>/config/ntlm-config.properties file. Changes to the file take effect immediately without server restart.
If default settings does not work for your environment, please refer to http://jcifs.samba.org/src/docs/api/ for all available configuration properties. If the library does not find domain controller to authenticate against, consider adding jcifs.netbios.wins property in the ntlm-config.properties file with address of your WINS server. For other domain services locating properties, see http://jcifs.samba.org/src/docs/resolver.html.
LDAP Authentication
Please refer to the LDAP Integration.