I’ve got a puzzling issue and no one can seem to pinpoint the cause. We currently use Jenkins for automations, and we authenticate through AD. I had to change my password back in September (per policy). Ever since that change (and I had changed it a few times before), Jenkins apparently is locking my AD account. It gets to the point where I need to unlock it several times a day.
I’ve worked with our security & Jenkins admins and all the security folks can say is that the bad password attempts are coming from our Jenkins instance. The Jenkins admins have turned on and analyzed all logs and nothing appears to be running with my credentials.
It seems to be completely random as well - there are periods where I may go a few hours with no issue, and other times it will lock up every few minutes.
I just can’t think of what else we can possibly look at (I’m not an admin on our Jenkins server but I do have the ability to create/edit pipelines).
Do you have a credential defined with your user and your AD password?
Do you have anywhere something running that connects to the rest api of your Jenkins with your user and password?
The only credential that’s in there is my account to the Jenkins box, and we use the AD plugin to authenticate. I’ve looked at every single job and connection and there is absolutely nothing using my account. Its very strange…
Can your IT department get a log of what systems are being used to login? Sometimes it may not have anything to do with Jenkins, but be some machine that you logged into at one point and has a stale credential. It sounds crazy, but I have seen it!
enable access logs in Jenkins, next time your user gets locked, check if there was an access at that time the user got locked. Then you know at least if it is caused by an external access to Jenkins or is caused by internal usage.