Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-71972

Authentication Failed with Docker image Jenkins LTS (2.414.1)

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Blocker Blocker
    • pam-auth-plugin
    • None

      We are using Jenkins docker image in our CI.

      On 23/08/2023 ( LTS 2.414.1 ), the image is updated from Debian 11 to Debian 12.
      In this update, libpam-runtime move from 1.4.0 to 1.5.0 and the plugin PAM is the same
      Since this date, LDAP Authentication Failed.

      We suspect an incompatibility with the new libpam-runtime.

          [JENKINS-71972] Authentication Failed with Docker image Jenkins LTS (2.414.1)

          Abderrazak created issue -

          Bruno Verachten added a comment - - edited

          Hello abderrazakabidallah ,

           

          would you please have any logs to share?

          It's been more than a year since the last update of the plugin, which may explain why.

           

          Just in case, I have proposed a PR to update the dependencies of libpam4j.

          I have also rebuilt the plugin on my bookworm machine (with the snapshotted libpam4j) without a problem (tests passed).

          I have attached my build to this issue if you want to try it in your instance.

          Bruno Verachten added a comment - - edited Hello abderrazakabidallah ,   would you please have any logs to share? It's been more than a year since the last update of the plugin, which may explain why.   Just in case, I have proposed a PR to update the dependencies of libpam4j. I have also rebuilt the plugin on my bookworm machine (with the snapshotted libpam4j) without a problem (tests passed). I have attached my build to this issue if you want to try it in your instance.
          Bruno Verachten made changes -
          Attachment New: pam-auth.hpi [ 61111 ]

          Abderrazak added a comment - - edited

          Hi Bruno,

          I share some logs (issue-logs.txt), tks you for investigation.

          The tests you make are LDAP test connexions ?

          Abderrazak added a comment - - edited Hi Bruno, I share some logs ( issue-logs.txt ), tks you for investigation. The tests you make are LDAP test connexions ?
          Abderrazak made changes -
          Attachment New: issue-logs.txt [ 61115 ]

          Thanks for the logs, abderrazakabidallah .
          The tests are the standard ones within the plugin itself, so I guess this is not the kind of test you're looking for.
          Is there any way for you to test this new plugin build (i.e. install locally in your instance)?

          Bruno Verachten added a comment - Thanks for the logs, abderrazakabidallah . The tests are the standard ones within the plugin itself, so I guess this is not the kind of test you're looking for. Is there any way for you to test this new plugin build (i.e. install locally in your instance)?

          Abderrazak added a comment - - edited

          Hi 

          When I test your hpi (PAM Authentication pluginVersion1.11-SNAPSHOT) , the authentication still failed.

          When I try to test directly the lib in my server context, i use testOne test of the InteractiveTester.java (after renaming to InteractiveTest.java to make command mvn test passing on)

          In my server contexte PAM configuration is linked to an LDAP.

          Thank you for investigations

          Abderrazak added a comment - - edited Hi  When I test your hpi (PAM Authentication pluginVersion1.11-SNAPSHOT) , the authentication still failed. When I try to test directly the lib in my server context, i use testOne test of the InteractiveTester.java (after renaming to InteractiveTest.java to make command mvn test passing on) In my server contexte PAM configuration is linked to an LDAP. Thank you for investigations

          Gilbert added a comment - - edited

          Hello,   mcdvoice

          After updating the Jenkins LTS Docker image to version 2.414.1 with Debian 12, an LDAP authentication issue emerged. This problem is suspected to be linked to an incompatibility with the newer version of libpam-runtime (1.5.0) compared to the previous version (1.4.0). Despite no changes to the PAM plugin, the authentication process may be affected by differences in how libpam-runtime interacts with LDAP. Investigating and addressing this compatibility issue is crucial to ensure LDAP authentication functions properly in the updated Jenkins image. It may require configuration adjustments or plugin updates to align with the new libpam-runtime version.

           

           

          Gilbert added a comment - - edited Hello,   mcdvoice After updating the Jenkins LTS Docker image to version 2.414.1 with Debian 12, an LDAP authentication issue emerged. This problem is suspected to be linked to an incompatibility with the newer version of libpam-runtime (1.5.0) compared to the previous version (1.4.0). Despite no changes to the PAM plugin, the authentication process may be affected by differences in how libpam-runtime interacts with LDAP. Investigating and addressing this compatibility issue is crucial to ensure LDAP authentication functions properly in the updated Jenkins image. It may require configuration adjustments or plugin updates to align with the new libpam-runtime version.    

          Thank you gilbertboyer .

          I've updated everything I could in the plugin and created a pull request for it.

          However, it seems that it wasn't sufficient, as mentioned by Abderrazak.

          Bruno Verachten added a comment - Thank you gilbertboyer . I've updated everything I could in the plugin and created a pull request for it. However, it seems that it wasn't sufficient, as mentioned by Abderrazak.
          Abderrazak made changes -
          Assignee Original: Matt Sicker [ jvz ] New: Abderrazak [ abderrazakabidallah ]

            Unassigned Unassigned
            abderrazakabidallah Abderrazak
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated: