MailArchiva V10 introduces a complete overhaul of the authentication framework. The legacy security framework has been replaced with Pac4j. This change reflects Microsoft’s direction on authentication. In June 2024, Microsoft announced that NTLMv2 is deprecated and no longer under active development. NTLM remains for compatibility, but Microsoft is moving customers toward Kerberos and modern identity protocols.
As a result, MailArchiva V10 no longer relies on NTLM and instead supports Kerberos-based authentication through Pac4j. Pac4j provides a modern, standards-based authentication layer. It supports Kerberos, LDAP, OAuth 2.0, and OpenID Connect, allowing MailArchiva to integrate with Active Directory, Entra ID (Azure AD), and other enterprise identity providers.
It enables single sign-on and works with identity providers that enforce multi-factor authentication, without MailArchiva needing to manage MFA itself. Pac4j is actively maintained and widely used in the Java ecosystem, providing ongoing security updates and compatibility with modern identity systems. The new framework also separates authentication from application logic, reducing security risk and making MailArchiva easier to deploy in on-premise, cloud, and tenant-based environments.