Re: Jenkins Jabber plugin security
Dear Cristoph, Thanks for your help. I do not saw the mentioned option in jabber settings, for me it is highly enough. Regards, -- Gabor Garami 2012.04.01. 12:33, "Christoph Kutzinski" ezt írta: > Hi Gabor, > > there's currently no way to let the plugin impersonate you - i.e. the user > who is issueing a command via Jabber - in Jenkins. I wonder if there is a > theoretical way to do this without compromising security in some way. > So yes, commands are issued as either the anonymous user or - if you have > configured so in the plugin's options - as a given Jenkins user. In the > latter case it uses the permissions granted to the user. > > Hope this answers your question. > > cheers > Christoph > > Am 31.03.2012 18:59, schrieb Gábor Garami: > >> Hi, >> >> This maybe a newbie question but I do not understand well what Jabber >> plugin does with my Jenkins server. >> >> So, I currently using "Matrix-based security" in my jenkins instance. >> But Jabber plugin does not impersonate me correctly even if I filled my >> Jabber address in my profile. Since the impersonation not used Jabber >> plugin seems like do its work as anonymous user. I mean if I instruct >> bot via Jabber channel to do something, the bot does not execute this >> task as me, but as an anonymous user. However, this server is available >> on the internet, and I would not allow anonymous user to do _anything_ >> on my CI server except view login page :-). >> >> So, the question is: is there a way to tell Jabber plugin to recognize >> me over jabber and do tasks as me not as anonymous/unknown user? Or, >> anyway, how this plugin works? I am not understand well Jenkins' >> internal architecture, so I should not dig into the source of plugin too >> deep. >> >> Thanks for replies. >> >> Regards, >> -- >> Gabor Garami >> > >
Re: Jenkins Jabber plugin security
Hi Gabor, there's currently no way to let the plugin impersonate you - i.e. the user who is issueing a command via Jabber - in Jenkins. I wonder if there is a theoretical way to do this without compromising security in some way. So yes, commands are issued as either the anonymous user or - if you have configured so in the plugin's options - as a given Jenkins user. In the latter case it uses the permissions granted to the user. Hope this answers your question. cheers Christoph Am 31.03.2012 18:59, schrieb Gábor Garami: Hi, This maybe a newbie question but I do not understand well what Jabber plugin does with my Jenkins server. So, I currently using "Matrix-based security" in my jenkins instance. But Jabber plugin does not impersonate me correctly even if I filled my Jabber address in my profile. Since the impersonation not used Jabber plugin seems like do its work as anonymous user. I mean if I instruct bot via Jabber channel to do something, the bot does not execute this task as me, but as an anonymous user. However, this server is available on the internet, and I would not allow anonymous user to do _anything_ on my CI server except view login page :-). So, the question is: is there a way to tell Jabber plugin to recognize me over jabber and do tasks as me not as anonymous/unknown user? Or, anyway, how this plugin works? I am not understand well Jenkins' internal architecture, so I should not dig into the source of plugin too deep. Thanks for replies. Regards, -- Gabor Garami
Jenkins Jabber plugin security
Hi, This maybe a newbie question but I do not understand well what Jabber plugin does with my Jenkins server. So, I currently using "Matrix-based security" in my jenkins instance. But Jabber plugin does not impersonate me correctly even if I filled my Jabber address in my profile. Since the impersonation not used Jabber plugin seems like do its work as anonymous user. I mean if I instruct bot via Jabber channel to do something, the bot does not execute this task as me, but as an anonymous user. However, this server is available on the internet, and I would not allow anonymous user to do _anything_ on my CI server except view login page :-). So, the question is: is there a way to tell Jabber plugin to recognize me over jabber and do tasks as me not as anonymous/unknown user? Or, anyway, how this plugin works? I am not understand well Jenkins' internal architecture, so I should not dig into the source of plugin too deep. Thanks for replies. Regards, -- Gabor Garami
