Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-28793

Allow option to disallow password entry in Perforce Plugin Configuration

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      For organizations which exclusively use Kerberos or non-password authentication, it would be useful to remove these fields from the configuration form. This would prevent users from accidentally entering their username / password credentials in an environment where they are not required.

        Attachments

          Activity

          Hide
          brianegge Brian Egge added a comment -

          Hi Rob,

          We have thousands of projects using this plugin, none of which specify the tickets in the password field. As you can see from the command line snip-its I posted, it does not matter what is passed in to stdin, when using perforce with ticket based authentication.

          The option, as I proposed above, might not work in every environment, but would work in ours.

          Show
          brianegge Brian Egge added a comment - Hi Rob, We have thousands of projects using this plugin, none of which specify the tickets in the password field. As you can see from the command line snip-its I posted, it does not matter what is passed in to stdin, when using perforce with ticket based authentication. The option, as I proposed above, might not work in every environment, but would work in ours.
          Hide
          rpetti Rob Petti added a comment -

          Brian, please explain how you have set this up to work in your environment, and I'm having difficult understanding how common such a use-case would be. Ticket authentication does not simply let anyone log in with any password and without any ticket. That's not how it works.

          How have your users specified the ticket for use by the client in the first place? How do they get past initial login?

          Show
          rpetti Rob Petti added a comment - Brian, please explain how you have set this up to work in your environment, and I'm having difficult understanding how common such a use-case would be. Ticket authentication does not simply let anyone log in with any password and without any ticket. That's not how it works. How have your users specified the ticket for use by the client in the first place? How do they get past initial login?
          Hide
          brianegge Brian Egge added a comment -

          I believe our environment has P4LOGINSSO set.

          http://www.perforce.com/perforce/r15.1/manuals/cmdref/P4LOGINSSO.html

          This allows 'p4 login' to work without the ticket being directly specified.

          Show
          brianegge Brian Egge added a comment - I believe our environment has P4LOGINSSO set. http://www.perforce.com/perforce/r15.1/manuals/cmdref/P4LOGINSSO.html This allows 'p4 login' to work without the ticket being directly specified.
          Hide
          rpetti Rob Petti added a comment -

          Ah! That's the part I was missing.

          I'm assuming the User field is still required in that case?

          Show
          rpetti Rob Petti added a comment - Ah! That's the part I was missing. I'm assuming the User field is still required in that case?
          Hide
          brianegge Brian Egge added a comment -

          No, the user field is not required. It doesn't pose a security problem having the user field, but it doesn't serve any purpose.

          Show
          brianegge Brian Egge added a comment - No, the user field is not required. It doesn't pose a security problem having the user field, but it doesn't serve any purpose.

            People

            • Assignee:
              Unassigned
              Reporter:
              brianegge Brian Egge
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: