Git Plugin: updated password now cannot connect to repo

[Jim Klo]

Hi, 

Over the last few days my password used for Jenkins' Git Plugin expired, of which I promptly updated in Jenkins.

Unfortunately, even with the correct password (which uses the same special characters as the previous password) it won't authenticate, and there doesn't seem to be any other error that what I captured in the attached screen grab.

The same credentials work with Jenkins SVN Plugin, noting that our SCM uses LDAP.  I can switch to another user's credentials and it work fine, but I cannot seem to get the original login to work.

Not sure what I'm doing wrong.  Is this a bug?  Is there a workaround?  It seems like to me like Git might caching credentials globally, but not sure.

[Mark Waite]

I doubt it is a bug in the git plugin or the git client plugin, just based on the things that have changed and the things that have not changed.  You've changed credentials, and not changed the git plugin or the git client plugin.

http://askubuntu.com/questions/336907/really-verbose-way-to-test-git-connection-over-ssh suggests that you might be able to use ~/.ssh/config to enable much more verbose logging.  That might provide better hints to the root of the problem.

Mark Waite

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/90f66c85-97f7-4c24-81ad-acd8210efe62%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Jim Klo]

Thanks, unfortunately that doesn't yield much more help...

Building in workspace /Users/xxxxxxxx/.jenkins/jobs/junk/workspace
Cloning the remote Git repository
Cloning repository https://xxxxxx.com/scm/git/ROR/xxxxxxxx-packaging
 > git init /Users/sunflower/.jenkins/jobs/junk/workspace # timeout=10
Fetching upstream changes from https://xxxxxx.com/scm/git/ROR/xxxxxxx-packaging
 > git --version # timeout=10
using .gitcredentials to set credentials
 > git config --local credential.username xxxxxx # timeout=10
 > git config --local credential.helper store --file=/var/folders/vx/bg9y23jd4dnd_8c0vdkk097r0000gn/T/git7310946539402031311.credentials # timeout=10
 > git -c core.askpass=true fetch --tags --progress https://xxxxxx.com/scm/git/ROR/xxxxxxx-packaging +refs/heads/*:refs/remotes/origin/*
 > git config --local --remove-section credential # timeout=10
ERROR: Error cloning remote repo 'origin'
hudson.plugins.git.GitException: Command "git -c core.askpass=true fetch --tags --progress https://xxxxxx.com/scm/git/ROR/xxxxxxx-packaging +refs/heads/*:refs/remotes/origin/*" returned status code 128:
stdout: 
stderr: fatal: remote error: Invalid username or password.

Now I've also tried upgrading Jenkins and all the plugins... same error.

Jim 

[Jim Klo]

An update... still haven't figured this out entirely but now I'm pretty confident there is at least 1 Jenkins bug.

I figured out a way to capture the temporary credentials file.  When I looked at this, there were a couple of things that struck me.

1) it contained multiple credentials, both old and new.

2) when changing passwords using Safari 9 browser on a Mac, the credential file contained random garbage; i.e. it contained the field help text for the password field instead of the password.

3) the password credentials file does not appear to completely URL encode the password; characters '{' and '}' were not encoded.

Now if I don't select a credential, and correctly url encode the username & password in the SCM Repository URL field... it "works" albeit not exactly secure.

Any thoughts on how to fix? Mind you that this all works fine using the same entered credentials for SVN and only a problem with GIT.  Also the odd thing is that old password contained both '{' and '}' and it worked fine for the last year.