Currently, Hudson.zones.apache.org has two user auth dbs:

1. a Tomcat tomcat-users.xml file to authenticate Hudson users over HTTP
2. /etc/passwd, to auth users logging in via SSH

Now, #2 should probably not yet be changed to use the ASF's LDAP, as we restrict Hudson changes to PMC members, rather than all committers. But #1 could be changed to do this, since there's an additional layer of authorization imposed by the Hudson configuration.

It'd be great to do this since it'd remove an entire set of user/passwords for us to maintain. We could authenticate their logins via LDAP, but restrict changes to the authorized list in that Hudson config.

Looking at http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#JNDIRealm , this looks pretty feasible.

Infra - is this viable? Can we set this up? Has anyone got experience using JNDIRealm with LDAP? Does it work?

--j.