On Wed, May 27, 2015 at 03:23:19PM +0100, Justin Clift wrote: > On 25 May 2015, at 16:21, Vijay Bellur <[email protected]> wrote: > > On 05/23/2015 11:46 PM, Niels de Vos wrote: > >> There seems to be a Jenkins plugin that makes is possible to use GitHub > >> OAuth to allow users to login. We use this for Gerrit already, should we > >> try it for Jenkins too? > >> > >> https://wiki.jenkins-ci.org/display/JENKINS/Github+OAuth+Plugin > >> > > > > We could do this if we can set up the right authorization (should be > > possible based on the description of the plugin). > > > > Should we disable local user accounts once this is works? > > Would that run the risk of literally anyone with a GitHub account > being able to run (arbitrary) tasks on our VM infrastructure? > > If so, I'm not sure if that's a good/bad idea. I can imagine > both positives and negatives for it... ;) > > Maybe try it out, and see if it gets abused or not?
I have a test instance of Jenkins running, with the plugin installed. The attached screenshot shows the options in the "Configure Global Security" form. We can add a list of (GitHub) users that have admin permissions. We do not use the "Github repository" integration, so I think the permissions on the repository are not relevant for our usage. Cheers, Niels
_______________________________________________ Gluster-infra mailing list [email protected] http://www.gluster.org/mailman/listinfo/gluster-infra
