-
New Feature
-
Resolution: Unresolved
-
Major
-
None
Instead of simple bind, use SASL to provide some degree of data encryption out of the box.
MSDN lists various mechanisms that AD supports, and it includes DIGEST-MD5, which works with plain text password Jenkins has received from the browser (via the login form.) SASL is supported by JNDI LDAP implementation so activating it should be very simple.
- is related to
-
JENKINS-3730 Implement Integrated Windows Authentication
-
- Resolved
-
-
JENKINS-15847 LDAP plus SASL
-
- Closed
-
One of the reasons people want
JENKINS-3730is to avoid plain text password on the network caused by simple bind. This will prevent that.