www-builds mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Mason ...@jmason.org>
Subject change Hudson to use LDAP for web auth
Date Tue, 07 Jul 2009 11:50:41 GMT
currently, Hudson.zones.apache.org has two user auth dbs:

1. a Tomcat tomcat-users.xml file to authenticate Hudson users over HTTP

2. /etc/passwd, to auth users logging in via SSH

Now, #2 should probably not yet be changed to use the ASF's LDAP, as
we restrict Hudson changes to PMC members, rather than all committers.
 But #1 could be changed to do this, since there's an additional layer
of authorization imposed by the Hudson configuration.  it'd be great
to do this since it'd remove an entire set of user/passwords for us to
maintain.

We could authenticate their logins via LDAP, but restrict changes to
the authorized list in that Hudson config.  Looking at
http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#JNDIRealm ,
this looks pretty feasible.

Infra - is this viable?  can we set this up?  has anyone got
experience using JNDIRealm with LDAP? does it work?

--j.

Mime
View raw message