Community
Participate
Working Groups
Build Identifier: 2.2.0 In an (enterprise) environment where Hudson security is enabled (and most likely linked to LDAP), the slaves need to authenticate and have permission to access the jnlp file. The slaves' accounts are system accounts and their permissions should be kept separate from the users', but there is no separate configurable permission for reading the jnlp file. In a scenario where all users need to authenticate to have read access, in today's Hudson read access has ot be assigned the the slaves' accounts so that they can access the jnlp files. If anyone gets hold of a slave's (system) account, he/she will get read access without using a correct user account. Giving permission to read the jnlp file should not involve giving general read access to Hudson. A workaround is to log in and download the jnlp file and store is somewhere else (like locally on the slave). Reproducible: Always