In my corporation, all activedirectory account are setup to have a password that expire every 40 days.

This include the account used as bind account for querying activedirectory with active-directory-plugin.

When the password is changed, if I'm not currently logged in Jenkins, I have no way to get back logged-in in order to change the password. The only workaround I found is to stop jenkins, set useSecurity to false in config.xml, restart it and reconfigure the authentication using new password. This is not very convenient.

I have two ideas of feature that can solve this problem:

• The active-directory-plugin can provide a tool to encrypt the password from command line or from a cli command that is accessible to anonymous user, then the encrypted password can be replaced in config.xml file (this can be done automatically from a shell script when a password change is detected).

• The jenkins core can allow to use two authentication at the same time: the one that is mainly used and a backup one (for example fixed to "use jenkins internal database") providing an always accessible "admin" login.