Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-2774

Provide authentication between master/slave machines

    • Icon: Improvement Improvement
    • Resolution: Fixed
    • Icon: Major Major
    • remoting
    • None
    • Platform: All, OS: All

      Currently slaves do not authenticate to a hudson master, so in order to set up a master/slave build
      cluster, the anonymous user must be granted at least "read" access to Hudson so that the slaves can
      connect to the master. If anonymous has no permissions, then the slaves are unable to connect at all –
      the master shows them as being offline, and on the slave, a 403 permission denied error is shown when
      running the JNLP launcher.

      For a public-facing hudson, this is a large security risk, as it means opening up the site to anonymous
      users for read access simply so that the build slaves can run their jobs. It would be ideal if there was
      some way to have the slaves authenticate as a certain user to the master – perhaps the authentication
      information could be specified in the slave's configuration XML file?

          [JENKINS-2774] Provide authentication between master/slave machines

          candrews added a comment -

          CC'ing myself. My site needs a solution to this to keep the "public" (well,
          those in our firewall who shouldn't be viewing Hudson) out while keeping the
          slaves working.

          candrews added a comment - CC'ing myself. My site needs a solution to this to keep the "public" (well, those in our firewall who shouldn't be viewing Hudson) out while keeping the slaves working.

          I thought JNLP clients support the BASIC authentication.

          If you send the credential that way, Hudson will authenticate the client.

          Kohsuke Kawaguchi added a comment - I thought JNLP clients support the BASIC authentication. If you send the credential that way, Hudson will authenticate the client.

          larsko added a comment -

          I've tried to get this to work, but I can't figure out a way to embed the authentication info in the JNLP file. If I modify the URL to contain the login information on the commandline when running java, I get the JNLP file, but then can't connect after that because it references a URL that requires authentication.

          larsko added a comment - I've tried to get this to work, but I can't figure out a way to embed the authentication info in the JNLP file. If I modify the URL to contain the login information on the commandline when running java, I get the JNLP file, but then can't connect after that because it references a URL that requires authentication.

          larsko added a comment -

          After some more digging, JENKINS-4071 fixes this.

          larsko added a comment - After some more digging, JENKINS-4071 fixes this.

            Unassigned Unassigned
            sqook sqook
            Votes:
            3 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: