-
New Feature
-
Resolution: Unresolved
-
Major
In my corporation, all activedirectory account are setup to have a password that expire every 40 days.
This include the account used as bind account for querying activedirectory with active-directory-plugin.
When the password is changed, if I'm not currently logged in Jenkins, I have no way to get back logged-in in order to change the password. The only workaround I found is to stop jenkins, set useSecurity to false in config.xml, restart it and reconfigure the authentication using new password. This is not very convenient.
I have two ideas of feature that can solve this problem:
- The active-directory-plugin can provide a tool to encrypt the password from command line or from a cli command that is accessible to anonymous user, then the encrypted password can be replaced in config.xml file (this can be done automatically from a shell script when a password change is detected).
- The jenkins core can allow to use two authentication at the same time: the one that is mainly used and a backup one (for example fixed to "use jenkins internal database") providing an always accessible "admin" login.
See https://issues.jenkins-ci.org/browse/JENKINS-15063. Essentially, this would require an incompatible change.