Package com.sun.grid.security.login
Class UnixLoginModule
java.lang.Object
com.sun.grid.security.login.UnixLoginModule
- All Implemented Interfaces:
LoginModule
This
LoginModule
authenticates a unix user with username
and password against the PAM or system authentication system.
The username is queried with a NameCallback
, the password with
a PasswordCallback
After a successfull login this LoginModule
adds
- a
UnixPrincipal
of the authenticated user - a
UnixNumericUserPrincipal
with the user id of the authenticated user - a
UnixNumericGroupPrincipal
for each group the authenticated user belongs too
This class uses a Logger
for log messages. The name of the Logger
is equal to the fullqualified classname of this class.
Options for UnixLoginModule
Option | description |
---|---|
sge_root | path to the gridengine distribution |
auth_method | Autehtication method. Valid values are "pam" and "system" |
pam_service | Name of the pam service (see man pam(5). Required for PAM authentifcation |
Simple jaas config file for PAM authentication
sample { com.sun.grid.security.login.UnixLoginModule requisite sge_root="/opt/sge", auth_method="pam"; pam_service="su"; };
Simple jaas config file for system authentication
sample { com.sun.grid.security.login.UnixLoginModule requisite command="/opt/sge", auth_method="system"; };
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionboolean
abort()
Abort the login.boolean
commit()
Commit the login (adds the principals to the subject)void
initialize
(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) Initialize theUnixLoginModule
boolean
login()
Perform the login.boolean
logout()
Removes all previously added prinicipals from the subject.
-
Constructor Details
-
UnixLoginModule
public UnixLoginModule()
-
-
Method Details
-
initialize
public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) Initialize theUnixLoginModule
- Specified by:
initialize
in interfaceLoginModule
- Parameters:
subject
- the current subjectcallbackHandler
- the callbackhandler (must at least handle aNameCallback
and a PasswordCallback).sharedState
- not usedoptions
- contains the options for theUnixLoginModule
.
-
login
Perform the login.- Specified by:
login
in interfaceLoginModule
- Returns:
true
on successfull authentication.false
if username of password is invalid.- Throws:
LoginException
-- if the callbackhandler reports an error
- if some options are missing (please check the jass.config file)
- if the underlying authentication system report an error
-
commit
public boolean commit()Commit the login (adds the principals to the subject)- Specified by:
commit
in interfaceLoginModule
- Returns:
true
of the principals has been added to the subject.
-
abort
public boolean abort()Abort the login.- Specified by:
abort
in interfaceLoginModule
- Returns:
- Always
true
-
logout
public boolean logout()Removes all previously added prinicipals from the subject.- Specified by:
logout
in interfaceLoginModule
- Returns:
- Always
true
-