[JIRA] (JENKINS-12585) SECURITY: LDAP authenticated users switch accounts randomly

Tue, 27 Mar 2012 07:03:33 -0700 

    [ 
https://issues.jenkins-ci.org/browse/JENKINS-12585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=160832#comment-160832
 ] 

Christian Höltje edited comment on JENKINS-12585 at 3/27/12 2:03 PM:
---------------------------------------------------------------------

I have the same issue. One user can hit refresh repeatedly and get different 
users or even logged out and then back in!

My setup is:
Jenkins 1.456
JRE 7u3
Plugins of interest: Role-based Authorization Strategy
Authentication: LDAP
                
      was (Author: docwhat):
    I have the same issue. One user can hit refresh repeatedly and get 
different users or even logged out.

My setup is:
Jenkins 1.456
JRE 7u3
Plugins of interest: Role-based Authorization Strategy
Authentication: LDAP
                  
> SECURITY: LDAP authenticated users switch accounts randomly
> -----------------------------------------------------------
>
>                 Key: JENKINS-12585
>                 URL: https://issues.jenkins-ci.org/browse/JENKINS-12585
>             Project: Jenkins
>          Issue Type: Bug
>          Components: security
>    Affects Versions: current
>         Environment: Mac OSX: 10.6.8 Desktop
> Java version: 1.6.0_29
> Access Control
> * Security Realm: LDAP
> * Authorization: Project-based Matrix Authorization Strategy
> Jenkins: 1.448
> Apache
> * Server version: Apache/2.2.17 (Unix)
> * Server built:   Dec  1 2010 09:58:15
>            Reporter: guillermo c
>            Priority: Critical
>
> Running Jenkins behind Apache: mod_proxy with HTTPS
> https://wiki.jenkins-ci.org/display/JENKINS/Running+Jenkins+behind+Apache
> So our setup is
> Open Directory group
> jenkins-admin - Jenkins Admins all 
> dev-group-a - Developers can view kick off builds 
> Project-based Matrix Authorization Strategy
> Admin all checked
> dev-group-a checked: Overall:Read  Job:Read,Build Run:Update
> dev-group-b checked: Overall:Read  Job:Read
> issue is I'm an admin and random developer will login and see that there user 
> id is mine and can admin jenkins.
> there has been reported cases that developer A will login and actually be 
> reported by jenkins as Developer B
> were they can no longer trigger CI builds
> My biggest concern is when users login and are reporting as admins and have 
> full access to jenkins.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.jenkins-ci.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to