Details
-
Type:
Improvement
-
Status: Resolved (View Workflow)
-
Priority:
Minor
-
Resolution: Won't Fix
-
Component/s: core
-
Environment:Oracle Enterprise Linux/Redhat 6.x
-
Similar Issues:
Description
A slave node in a secured Jenkins environment requires jnlpCredentials in order to connect to Jenkins. These credentials are supplied via the -jnlpcredentials command-line argument to the java command, but that easily exposes them to others.
For example:
java -jar slave.jar -jnlpCredentials user:pass -jnlpUrl http://somewhere/xx.jnlp
Please provide an alternate parameter for the option that allows the slave credentials to be supplied in a file that is read during slave start-up. Alternately, you could select a file name (e.g. .jslaverc) that would be checked for credentials if you didn't want to introduce a new command-line parameter for slave.jar startup. Either way would get the credentials off of the command-line, making them less accessible to other users of the system.
Is this still an issue with the -secret argument method of authentication, e.g.
java -jar slave.jar -jnlpUrl http://jenkins/computer/slavename/slave-agent.jnlp -secret 39689ae1d7e114c806f45c0287f95717647ab1f4c7555c7e1778d4cfc623a964
It's available at least since 1.509.x. You cannot do anything except launch a slave (different from real user credentials), and only while it's not already connected, and it gets logged on the master.