Monday, August 31, 2009

Setting up Maven2 behind a password-protected NTLM proxy

The nice Maven people suggest that you might be able to get this configuration working, but don't say how. The Jetty people, however, suggest using CNTLM. I tried installing CNTLM (using synaptic package manager) and managed to configure the conf file in /etc/cntlm.conf which now reads in pertinent part:

Username jbloggs
Domain myorg
Password secret

OK, these aren't real values, but you get the idea. The proxy pointed to here is the REAL proxy. The "domain" is the local domain, not the long full domain-name, but maybe that also works. CNTLM is a proxy to the proxy and runs on localhost. Then I started the cntlm service thus:

sudo service cntlm start

I also had to tinker with my maven setings in ~/.m2/settings.xml:


Note that I point maven to the cntlm proxy, which contacts the NTLM proxy via the cntlm.conf file. One nice consequence of this is that if I now change my general web proxy also to the localhost CNTLM one then ALL my requests get relayed through cntlm, so I don't have to keep telling the NTLM proxy who I am every five minutes. Whew!

And, hey presto, maven works.

One proviso: On the cntlm website it suggests testing cntlm on the commandline, and if you do that it responds with something to the effect that there was no user specified. What this means is that when running on the commandline cntlm does NOT look in /etc/cntlm.conf. So you have to supply that information as options. That threw me for a while until I just tested the service and was surprised to find it was running beautifully.