com.sun.grid.security.login

Class UnixLoginModule

java.lang.Object

com.sun.grid.security.login.UnixLoginModule

All Implemented Interfaces:

javax.security.auth.spi.LoginModule

public class UnixLoginModule
extends java.lang.Object
implements javax.security.auth.spi.LoginModule

This LoginModule authenticates a unix user with username and password against the PAM or system authentication system. The username is queried with a NameCallback, the password with a PasswordCallback

After a successfull login this LoginModule adds

• a com.sun.security.auth.UnixPrincipal of the authenticated user
• a com.sun.security.auth.UnixNumericUserPrincipal with the user id of the authenticated user
• a com.sun.security.auth.UnixNumericGroupPrincipal for each group the authenticated user belongs too

to the current subject.

This class uses a Logger for log messages. The name of the Logger is equal to the fullqualified classname of this class.

Options for UnixLoginModule

Option	description
sge_root	path to the gridengine distribution
auth_method	Autehtication method. Valid values are "pam" and "system"
pam_service	Name of the pam service (see man pam(5). Required for PAM authentifcation

Simple jaas config file for PAM authentication

  sample {
   com.sun.grid.security.login.UnixLoginModule requisite
         sge_root="/opt/sge",
         auth_method="pam";
         pam_service="su";
  };
 

Simple jaas config file for system authentication

  sample {
   com.sun.grid.security.login.UnixLoginModule requisite
         command="/opt/sge",
         auth_method="system";
  };
 

Constructor Summary

Constructors

Constructor and Description
UnixLoginModule()

Method Summary

Methods

Modifier and Type	Method and Description
boolean	abort() Abort the login.
boolean	commit() Commit the login (adds the principals to the subject)
void	initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options) Initialize the UnixLoginModule
boolean	login() Perform the login.
boolean	logout() Removes all previously added prinicipals from the subject.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

UnixLoginModule

public UnixLoginModule()

Method Detail

initialize

public void initialize(javax.security.auth.Subject subject,
              javax.security.auth.callback.CallbackHandler callbackHandler,
              java.util.Map sharedState,
              java.util.Map options)

Initialize the UnixLoginModule

Specified by:

initialize in interface javax.security.auth.spi.LoginModule

Parameters:

subject - the current subject

callbackHandler - the callbackhandler (must at least handle a NameCallback and a PasswordCallback).

sharedState - not used

options - contains the options for the UnixLoginModule.

login

public boolean login()
              throws javax.security.auth.login.LoginException

Perform the login.

Specified by:

login in interface javax.security.auth.spi.LoginModule

Returns:

true on successfull authentication. false if username of password is invalid.

Throws:

javax.security.auth.login.LoginException -

• if the callbackhandler reports an error
• if some options are missing (please check the jass.config file)
• if the underlying authentication system report an error

commit

public boolean commit()

Commit the login (adds the principals to the subject)

Specified by:

commit in interface javax.security.auth.spi.LoginModule

Returns:

true of the principals has been added to the subject.

abort

public boolean abort()

Abort the login.

Specified by:

abort in interface javax.security.auth.spi.LoginModule

Returns:

Always true

logout

public boolean logout()

Removes all previously added prinicipals from the subject.

Specified by:

logout in interface javax.security.auth.spi.LoginModule

Returns:

Always true