Developers in Windows environments depend on using integrated (i.e. password-less) authentication to connect to network resources like shares, databases, etc. Windows integrated authentication is Kerberos under-the-covers. In order to use integrated authentication, processes must start by explicitly using the account password. This creates a Kerberos ticket that can be used from that server to access network resources.
Please allow an option in the SSH agent configuration that forces Jenkins to start its java.exe process with credentials instead of just forking/starting java.exe. Credentials would then be used twice: once to log into the server, and then again to start the agent.
We have many, many builds that depend on integrated authentication. Unless and until this is implemented, we have to run Jenkins agents as a Windows service, which we would prefer not to do since using SSH is much simpler.
Originally reported by 
splatteredbits, imported from: Allow configuring Jenkins agent on Windows to support Kerberos double hop
- status: Open
- priority: Minor
- component(s): ssh-agent-plugin
- resolution: Unresolved
- votes: 0
- watchers: 1
- imported: 20260604-211335
Raw content of original issue
Developers in Windows environments depend on using integrated (i.e. password-less) authentication to connect to network resources like shares, databases, etc. Windows integrated authentication is Kerberos under-the-covers. In order to use integrated authentication, processes must start by explicitly using the account password. This creates a Kerberos ticket that can be used from that server to access network resources.
Please allow an option in the SSH agent configuration that forces Jenkins to start its java.exe process with credentials instead of just forking/starting java.exe. Credentials would then be used twice: once to log into the server, and then again to start the agent.
We have many, many builds that depend on integrated authentication. Unless and until this is implemented, we have to run Jenkins agents as a Windows service, which we would prefer not to do since using SSH is much simpler.
Developers in Windows environments depend on using integrated (i.e. password-less) authentication to connect to network resources like shares, databases, etc. Windows integrated authentication is Kerberos under-the-covers. In order to use integrated authentication, processes must start by explicitly using the account password. This creates a Kerberos ticket that can be used from that server to access network resources.
Please allow an option in the SSH agent configuration that forces Jenkins to start its java.exe process with credentials instead of just forking/starting java.exe. Credentials would then be used twice: once to log into the server, and then again to start the agent.
We have many, many builds that depend on integrated authentication. Unless and until this is implemented, we have to run Jenkins agents as a Windows service, which we would prefer not to do since using SSH is much simpler.
Originally reported by
splatteredbits, imported from: Allow configuring Jenkins agent on Windows to support Kerberos double hop
Raw content of original issue