Login failed when using AD credentials from the command line

• 
  Sorry, this isn't possible (yet).
  
  Is there any chance you can try using runas from the command line? Out of interest, what is kicking off the automation? If it's TeamCity, would it be a question of running the agent with a user that has the privileges you need?
  
  David Atkinson
  Product Manager
  Red Gate

  David Atkinson May 21, 2012 12:40

  - 0 +
• 
  Hi David, yes, it's from TeamCity. The problem with using the identity the agent runs under is that any build can then deploy to any location the agent's account has access to. For example, if both project A and project B use the agent's identity to deploy to their DB then there's nothing stopping the owner of project A configuring their deployment target to be the location of project B.
  
  This is mostly a problem when the build server is used for multiple autonomous projects. Basically the only way you can segregate out access rights is to specify credentials on a per-build basis which is why I wanted to pass these to the command line. It's not a biggie, it just means automation needs to happen using SQL logins instead of AD.
  
  Thanks for clarifying!

  troyhunt May 22, 2012 02:55

  - 0 +
• 
  Have you tried this using the "runas" command line? Using SQL Server credentials would mean exposing them in cleartext in TeamCity or NAnt scripts, which is generally undesirable.

  David Atkinson May 22, 2012 03:48

  - 0 +
• 
  Actually, as of TeamCity 7, passwords can be masked: http://youtrack.jetbrains.com/issue/TW-759
  
  By adding an environment parameter of type "password" you can include the credentials in the build without disclosing them through any UIs.

  troyhunt May 22, 2012 04:34

  - 0 +
• 
  Nice. I wasn't aware of that.

  David Atkinson May 22, 2012 04:48

  - 0 +

Add comment

Please sign in to leave a comment.