Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-13526

PAM security realm should have a way to differentiate users from groups

    • Icon: Improvement Improvement
    • Resolution: Fixed
    • Icon: Major Major
    • _unsorted, core
    • None

      This is an issue that came up in the #jenkins irc channel.

      There is currently a limitation when using PAM with matrix based security. If a group's name matches that of a user, it cannot be used in the configuration, as it will always select the user instead of the group.

      I propose supporting a prefix, such as '@' that will explicitly identify the group/user as a group.

          [JENKINS-13526] PAM security realm should have a way to differentiate users from groups

          Rob Petti added a comment -

          Submitted pull request with proposed fix: https://github.com/jenkinsci/jenkins/pull/450

          Rob Petti added a comment - Submitted pull request with proposed fix: https://github.com/jenkinsci/jenkins/pull/450

          Code changed in jenkins
          User: Rob Petti
          Path:
          changelog.html
          core/src/main/java/hudson/security/PAMSecurityRealm.java
          core/src/main/resources/hudson/security/PAMSecurityRealm/help.html
          http://jenkins-ci.org/commit/jenkins/db1b7eef1a9a67b5f08e73d349230e0cec5a485d
          Log:
          [FIXED JENKINS-13526] use '@' prefix to force PAM to interpret the user/group as a group

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Rob Petti Path: changelog.html core/src/main/java/hudson/security/PAMSecurityRealm.java core/src/main/resources/hudson/security/PAMSecurityRealm/help.html http://jenkins-ci.org/commit/jenkins/db1b7eef1a9a67b5f08e73d349230e0cec5a485d Log: [FIXED JENKINS-13526] use '@' prefix to force PAM to interpret the user/group as a group

          dogfood added a comment -

          Integrated in jenkins_main_trunk #1688
          [FIXED JENKINS-13526] use '@' prefix to force PAM to interpret the user/group as a group (Revision db1b7eef1a9a67b5f08e73d349230e0cec5a485d)

          Result = UNSTABLE
          Kohsuke Kawaguchi : db1b7eef1a9a67b5f08e73d349230e0cec5a485d
          Files :

          • core/src/main/java/hudson/security/PAMSecurityRealm.java
          • changelog.html
          • core/src/main/resources/hudson/security/PAMSecurityRealm/help.html

          dogfood added a comment - Integrated in jenkins_main_trunk #1688 [FIXED JENKINS-13526] use '@' prefix to force PAM to interpret the user/group as a group (Revision db1b7eef1a9a67b5f08e73d349230e0cec5a485d) Result = UNSTABLE Kohsuke Kawaguchi : db1b7eef1a9a67b5f08e73d349230e0cec5a485d Files : core/src/main/java/hudson/security/PAMSecurityRealm.java changelog.html core/src/main/resources/hudson/security/PAMSecurityRealm/help.html

          dogfood added a comment -

          Integrated in jenkins_ui-changes_branch #26
          [FIXED JENKINS-13526] use '@' prefix to force PAM to interpret the user/group as a group (Revision db1b7eef1a9a67b5f08e73d349230e0cec5a485d)

          Result = SUCCESS
          Kohsuke Kawaguchi : db1b7eef1a9a67b5f08e73d349230e0cec5a485d
          Files :

          • core/src/main/resources/hudson/security/PAMSecurityRealm/help.html
          • changelog.html
          • core/src/main/java/hudson/security/PAMSecurityRealm.java

          dogfood added a comment - Integrated in jenkins_ui-changes_branch #26 [FIXED JENKINS-13526] use '@' prefix to force PAM to interpret the user/group as a group (Revision db1b7eef1a9a67b5f08e73d349230e0cec5a485d) Result = SUCCESS Kohsuke Kawaguchi : db1b7eef1a9a67b5f08e73d349230e0cec5a485d Files : core/src/main/resources/hudson/security/PAMSecurityRealm/help.html changelog.html core/src/main/java/hudson/security/PAMSecurityRealm.java

          Code changed in jenkins
          User: Rob Petti
          Path:
          core/src/main/java/hudson/security/PAMSecurityRealm.java
          core/src/main/resources/hudson/security/PAMSecurityRealm/help.html
          http://jenkins-ci.org/commit/pam-auth-plugin/17721734698d56dbe0f654f52f27353df08235c9
          Log:
          [FIXED JENKINS-13526] use '@' prefix to force PAM to interpret the user/group as a group

          Originally-Committed-As: db1b7eef1a9a67b5f08e73d349230e0cec5a485d

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Rob Petti Path: core/src/main/java/hudson/security/PAMSecurityRealm.java core/src/main/resources/hudson/security/PAMSecurityRealm/help.html http://jenkins-ci.org/commit/pam-auth-plugin/17721734698d56dbe0f654f52f27353df08235c9 Log: [FIXED JENKINS-13526] use '@' prefix to force PAM to interpret the user/group as a group Originally-Committed-As: db1b7eef1a9a67b5f08e73d349230e0cec5a485d

            Unassigned Unassigned
            rpetti Rob Petti
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: