Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 332115

Summary: Please implement authentication against Bugzilla database
Product: Community Reporter: Gunnar Wagenknecht <gunnar>
Component: CI-JenkinsAssignee: Eclipse Webmaster <webmaster>
Status: RESOLVED FIXED QA Contact:
Severity: enhancement    
Priority: P2    
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: All   
Whiteboard:

Description Gunnar Wagenknecht CLA 2010-12-08 06:24:01 EST 
I'm scared every time I have to enter my SSH login and SSH password into the Hudson web UI. Please implement authentication against the Bugzilla database. so that I con login using my Eclipse Site login (Bugzilla username and password).
Comment 1 Eclipse Webmaster CLA 2010-12-08 16:25:30 EST 
Can you explain why you'd like this feature?

Is there a plugin that provides this functionality?

-M.
Comment 2 Gunnar Wagenknecht CLA 2010-12-09 06:54:55 EST 
The SSH password is a cryptic one that changes regularly. I generally don't like to use those password but rely on key authentication. Thus, I always have to look it up from my password safe.

I just think it would be more convenient to use the Eclipse Site login for Hudson. Entering my SSH login credentials on a website makes me feel unsafe. Guess there is some history. ;)

There is a MySQL Authentication plugin. Not sure if that could be used.
Comment 3 Gunnar Wagenknecht CLA 2010-12-10 14:18:28 EST 
Please also have a look at the discussion in bug 332321 on the protection of SSH logins.
Comment 4 Denis Roy CLA 2010-12-10 14:27:25 EST 
Hudson is the only web property (other than the Portal) that uses LDAP to authenticate.  If we can switch to the Site login (preferably), or Apache+Bugzilla auth[1], MySQL auth with reasonably low effort, then I believe we should do so sooner rather than later.

Confirming this as a bug since it has a security implication.


[1] https://bugzilla.mozilla.org/show_bug.cgi?id=392482
Comment 5 Denis Roy CLA 2010-12-20 13:23:44 EST 
Gunnar, what are your thoughts on code commits (SVN, Git) over https, which essentially transmit the Committer credentials over https?
Comment 6 Gunnar Wagenknecht CLA 2010-12-20 13:45:12 EST 
Good point. Personally, I don't use those for the very same reasons. Ideally they would be decoupled from SSH logins as well. But I guess that isn't possible. I think it would be inconvenient for those committers as well. 

If it's too much work to integrate the site login than you should focus on the more important things. We can leave that one open or close and re-open when there is time to work on this.

Merry Christmas and Happy Holidays!
Comment 7 Denis Roy CLA 2010-12-21 10:39:34 EST 
I wasn't actually trying to make a point... But it is something to consider.  We highly discourage commit-over-https access, but at least that form of authentication is handled by an Apache module.

Regardless, I still thing switching Hudson over to BZ auth would be a good thing.
Comment 8 Denis Roy CLA 2011-08-12 13:29:19 EDT 
We've been experimenting with BZ auth against LDAP.  We might have something up our sleeve.
Comment 9 Wayne Beaton CLA 2013-03-08 22:57:06 EST 
(In reply to comment #8)
> We've been experimenting with BZ auth against LDAP.  We might have something up
> our sleeve.

AFAICT, I am now able to use my LDAP credentials to log into Hudson. Can we mark this one as fixed?
Comment 10 Gunnar Wagenknecht CLA 2013-03-09 04:09:09 EST 
Yes. Works like a charm.