You can implement access-control using FishEye's user list. FishEye can maintain a set of users, or you can have FishEye look in an external authentication source for users, passwords and permissions.

Anonymous access to FishEye is allowed by default. You can disable anonymous access at a global and per-repository level.

Although FishEye always maintains a list of users internally, you can have FishEye authenticate and authorize users against an external authentication source. FishEye currently supports:

• LDAP authentication.
• Host-based authentication. This is implemented using PAM on Linux/Solaris/OS-X, and Local/Domain Accounts on Windows.
• AJPv13 authentication.
• Custom authentication.