-
New Feature
-
Resolution: Unresolved
-
Major
-
None
Instead of simple bind, use SASL to provide some degree of data encryption out of the box.
MSDN lists various mechanisms that AD supports, and it includes DIGEST-MD5, which works with plain text password Jenkins has received from the browser (via the login form.) SASL is supported by JNDI LDAP implementation so activating it should be very simple.
- is related to
-
-
- Resolved
-
-
-
- Closed
-
[JENKINS-20733] SASL authentication with Active Directory
| Description |
Original:
Instead of simple bind, use [SASL|http://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer] to provide some degree of data encryption out of the box. MSDN [lists various mechanisms|http://msdn.microsoft.com/en-us/library/cc223500.aspx] that AD supports, and it includes DIGEST-MD5, which works with plain text password Jenkins has received from the browser (via the login form.) SASL is [supported by JNDI LDAP implementation](http://docs.oracle.com/javase/tutorial/jndi/ldap/sasl.html) so activating it should be very simple. |
New:
Instead of simple bind, use [SASL|http://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer] to provide some degree of data encryption out of the box. MSDN [lists various mechanisms|http://msdn.microsoft.com/en-us/library/cc223500.aspx] that AD supports, and it includes DIGEST-MD5, which works with plain text password Jenkins has received from the browser (via the login form.) SASL is [supported by JNDI LDAP implementation|http://docs.oracle.com/javase/tutorial/jndi/ldap/sasl.html] so activating it should be very simple. |
| Link |
New:
This issue is related to |
JENKINS-15847 indicates that maybe this is also useful for LDAP plugin.
| Link |
New:
This issue is related to |
| Workflow | Original: JNJira [ 152542 ] | New: JNJira + In-Review [ 178245 ] |
One of the reasons people want
JENKINS-3730is to avoid plain text password on the network caused by simple bind. This will prevent that.