Minor For organizations which exclusively use Kerberos or non-password authentication, it would be useful to remove these fields from the configuration form. This would prevent users from accidentally entering their username / password credentials in an environment where they are not required.
[JENKINS-28793] Allow option to disallow password entry in Perforce Plugin Configuration
Brian Egge
created issue -
| Assignee | Original: Rob Petti [ rpetti ] |
| Resolution | New: Won't Fix [ 2 ] | |
| Status | Original: Open [ 1 ] | New: Closed [ 6 ] |
Brian Egge
added a comment - Hi Rob,
We are using this plugin, along with the stock p4 client and kerberos tickets. "p4 login" is called, and the username / password is ignored (if provided). Unfortunately, many users are filling in the username / password fields, despite it having no effect. We'd like to prevent people from entering their password, as this is a security vulnerability.
Brian Egge
added a comment - Hi Rob,
We are using this plugin, along with the stock p4 client and kerberos tickets. "p4 login" is called, and the username / password is ignored (if provided). Unfortunately, many users are filling in the username / password fields, despite it having no effect. We'd like to prevent people from entering their password, as this is a security vulnerability.
Please provide a link to the documentation describing P4's Kerberos support. I am not seeing any documentation that would suggest it's supported in any way on the client side. P4 tickets are supposed to be provided in the password field themselves, and are no way ignored by p4.
If this is a custom client or login trigger, then we cannot support that in the perforce plugin, as removing the p4 password will break the plugin.
Brian Egge
added a comment - Rob,
You can see the code in the plugin which currently supports ticket based authentication:
https://github.com/jenkinsci/perforce-plugin/blob/dbfe554cfb4006b22084ea37d207a54af0ff227c/src/main/java/com/tek42/perforce/parse/AbstractPerforceTemplate.java#L618
I'm not asking to change any of that. What needs to be done is adding something to global.jelly like:
<f:entry title="${%Disable entering of username / passwords}">
<f:checkbox name="p4.passwordEntryDisabled" checked="${descriptor.passwordEntryDisabled}"/>
<f:description>Option globally disallows entry of Perforce passwords</f:description>
</f:entry>
And then in config.jelly, wrap the username / password fields in:
<j:if test="${not descriptor.passwordEntryDisabled}">
...
</j:if>
Brian Egge
added a comment - Rob,
You can see the code in the plugin which currently supports ticket based authentication:
https://github.com/jenkinsci/perforce-plugin/blob/dbfe554cfb4006b22084ea37d207a54af0ff227c/src/main/java/com/tek42/perforce/parse/AbstractPerforceTemplate.java#L618
I'm not asking to change any of that. What needs to be done is adding something to global.jelly like:
<f:entry title="${%Disable entering of username / passwords}">
<f:checkbox name="p4.passwordEntryDisabled" checked="${descriptor.passwordEntryDisabled}"/>
<f:description>Option globally disallows entry of Perforce passwords</f:description>
</f:entry>
And then in config.jelly, wrap the username / password fields in:
<j:if test="${not descriptor.passwordEntryDisabled}">
...
</j:if> Brian,
I am still confused about your use case. You claim to be using Kerberos (which perforce does not support as near as I can tell) but point to Perforce's proprietary ticket-based authentication, which is completely different...
I've already explained that the password field is required for login, and takes either a password or a ticket. Removing the password field will cause the plugin to stop functioning, as logins will become impossible.
Please explain how you expect Perforce to continue to operate when no tickets or passwords are available to the plugin.
Brian Egge
added a comment - Hi Rob,
Would you agree Perforce has 'password' and 'ticket' authentication?
For ticket authentication, the ticket is retrieved from the p4 login command at line 618 of AbstractLoginTemplate.
One can see that when using ticket authentication, whatever is passed in via stdin is ignored.
$ echo "" | p4 login -a -p
A6A9E2785DEXXXXXXXXXXXXXXXXXXXX
$ echo "AnyPassword" | p4 login -a -p
A6A9E2785DEXXXXXXXXXXXXXXXXXXXX
The ticket is returned for later use by the plugin. The above is exactly what's occurring at line 634.
Most users leave the 'password' field blank, as they should, but some users enter their password. Both produce the same result, but the latter is a security concern which I'm wanting to address by removing the option to enter a password.
Regards,
Brian
Brian Egge
added a comment - Hi Rob,
Would you agree Perforce has 'password' and 'ticket' authentication?
For ticket authentication, the ticket is retrieved from the p4 login command at line 618 of AbstractLoginTemplate.
One can see that when using ticket authentication, whatever is passed in via stdin is ignored.
$ echo "" | p4 login -a -p
A6A9E2785DEXXXXXXXXXXXXXXXXXXXX
$ echo "AnyPassword" | p4 login -a -p
A6A9E2785DEXXXXXXXXXXXXXXXXXXXX
The ticket is returned for later use by the plugin. The above is exactly what's occurring at line 634.
Most users leave the 'password' field blank, as they should, but some users enter their password. Both produce the same result, but the latter is a security concern which I'm wanting to address by removing the option to enter a password.
Regards,
Brian It's only able to get the ticket by virtue of being able to log in using a password or a ticket specified in the password field. If you remove the password field, the plugin will stop working because there will be no way for it to get the ticket in the first place.
p4 login is always called in order to get or refresh a ticket. Removing the field will cause the plugin to stop functioning, as no ticket or password will be available for login.
In order to use Kerberos or some other non-password auth on the client-side, you would need to use a custom third-party perforce client, which will never be supported by this plugin.