-
Bug
-
Resolution: Fixed
-
Major
During the setup wizard, Jenkins asks if I want to create an admin user or skip it. When I choose skip, it'll still create an admin user anyway.
This is unintuitive. The expectation with the 'Skip' label is that I'm NOT creating an admin user. There are legitimate reasons to do this - for example if I'm setting up Jenkins with a real security realm like LDAP, I really do not want the admin user.
The problem is further made worse by the fact that this default admin user has the security token as the password, which you can never recover if you haven't written it down.
I think we are going too far here. We make it very obvious and natural for people to create an admin user, and 'Skip' is very under-emphasized already. This should be sufficient. It shouldn't get in the way of people who know what they are doing, just like we let people not install any recommended plugins.
If we insist on forcing people to create an admin user just to install LDAP plugin & throw that user away, then I'd rather not have the "Skip" button. As a reference, Atlassian tools for example doesn't let you skip creating admin user. You always have to create one.
- is related to
-
-
- Resolved
-
- links to
[JENKINS-33601] Setup wizard: 'skip' is not actually skip
| Epic Link |
New:
|
I don't think that this is an improvement, it is a bug (actually a blocker for 2.0).
When I press skip now, I end up at an error page in 2.0 beta:
An error occurred Unable to connect to Jenkins
| Issue Type | Original: Improvement [ 4 ] | New: Bug [ 1 ] |
| Priority | Original: Minor [ 4 ] | New: Blocker [ 1 ] |
I think when selecting skip we should preserve the current behavior to have no admin user at all. There are so many single developer Jenkins installations out there that require no admin user at all. If someone runs Jenkins on localhost than there should be the simple permission schema available.
I.e. I'm running Jenkins locally for my plugins using the Unix auth with my Unix user name. It complicates things unnecessarily if I need to create an additional user now.
Yeah integrating the security config into the initial wizard would be an improvement for everyone integrating with another system. FWIW you can just use the same name you use there for admin user creation, then there's no additional user record – just an extra, unused password record for that user.
However, we will not make not having an admin user the default, or make it exceptionally easy (e.g. giant button rather than e.g. having to uncheck "Enable security") to opt out. Not during my term as security officer.
When I press skip now, I end up at an error page in 2.0 beta:
drulli Could you please provide detailed instructions how to reproduce this problem? When I click 'Skip' on admin user creation, the final screen shows. Is there maybe something logged in the browser console, or Jenkins log?
Spike Washburn
made changes -
| Assignee | New: Keith Zantow [ kzantow ] |
I think we should get rid of the skip option altogether, rather than leaving Jenkins unsecured, since the whole point of these changes was to make Jenkins secure. If we want to integrate the security config in again, that's trivial to do, just let me know what the decision is to proceed, please. kohsuke danielbeck
Discussion on the users list: https://groups.google.com/d/msg/jenkinsci-users/3GpzesBrQRY/WoG3b5e6JwAJ