git-server plugin and security

[Gregory Symons]

Hi all!

I'm trying to use the workflow library git repo provided by the cps-global-lib from the workflow suite. I'm also using the LDAP authentication plugin and matrix authorization. 

I've discovered what I think is a bug/missing feature when trying to access the git repo over https, but I'm not sure; I may have something misconfigured that I'm unaware of. When trying to access the git repo, Jenkins appears to use the anonymous user. If I remove all privileges from the anonymous user, this results in git receiving a 403. What should happen is that git should receive a 401 so that it knows to try basic auth, and then can login with the appropriate credentials. If I force basic auth with another http client like curl, everything works fine. In order to be able to use the the git repo over https, I had to give the anonymous user General Read and General Run Scripts permissions. At which point I no longer need to log in to use the repo.

Is there something I'm missing, or should I just use git over ssh instead if I want security?

Thanks,

Greg

[Jesse Glick]

On Wednesday, July 8, 2015 at 1:10:15 PM UTC-4, Gregory Symons wrote:

I've discovered what I think is a bug/missing feature when trying to access the git repo over https

JENKINS-26537