Jenkins Update Problems

[Terry Shields]

Our Jenkins server uses Active Directory for login management and the Security Realm in Jenkins is set to: Unix user/group database. We are currently running release 2.138.4 in Jenkins and everything works great. If I update to any release above 2.138.4 all logins to Jenkins using a user in AD stop working, a local user can still login. We have been trying to figure out what is the cause, but have been unable to track it down for some time now. Has anyone else run into something like this?

Other releases that have been tried and fail:

2.140

2.147

2.150.3

2.164.2

2.176.1

[Terry Shields]

We have figured out that this is due to Jenkins 2.139 updated libpam4j from 1.8 to 1.11, looks like 1.11 requires root to get authentication. If we start Jenkins using root everything as far as logging in works, it breaks all kinds of other things so we would rather not do this. Starting Jenkins using the jenkins user as we have done for years breaks all logins that come from Active Directory. Has anyone else encountered this and what did you do to get around it?