Class UnixLoginModule

java.lang.Object
com.sun.grid.security.login.UnixLoginModule
All Implemented Interfaces:
LoginModule

public class UnixLoginModule extends Object implements LoginModule
This LoginModule authenticates a unix user with username and password against the PAM or system authentication system. The username is queried with a NameCallback, the password with a PasswordCallback

After a successfull login this LoginModule adds

  • a UnixPrincipal of the authenticated user
  • a UnixNumericUserPrincipal with the user id of the authenticated user
  • a UnixNumericGroupPrincipal for each group the authenticated user belongs too
to the current subject.

This class uses a Logger for log messages. The name of the Logger is equal to the fullqualified classname of this class.

Options for UnixLoginModule

Optiondescription
sge_root path to the gridengine distribution
auth_method Autehtication method. Valid values are "pam" and "system"
pam_service Name of the pam service (see man pam(5). Required for PAM authentifcation

Simple jaas config file for PAM authentication

  sample {
   com.sun.grid.security.login.UnixLoginModule requisite
         sge_root="/opt/sge",
         auth_method="pam";
         pam_service="su";
  };
 

Simple jaas config file for system authentication

  sample {
   com.sun.grid.security.login.UnixLoginModule requisite
         command="/opt/sge",
         auth_method="system";
  };
 
  • Constructor Details

    • UnixLoginModule

      public UnixLoginModule()
  • Method Details

    • initialize

      public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
      Initialize the UnixLoginModule
      Specified by:
      initialize in interface LoginModule
      Parameters:
      subject - the current subject
      callbackHandler - the callbackhandler (must at least handle a NameCallback and a PasswordCallback).
      sharedState - not used
      options - contains the options for the UnixLoginModule.
    • login

      public boolean login() throws LoginException
      Perform the login.
      Specified by:
      login in interface LoginModule
      Returns:
      true on successfull authentication. false if username of password is invalid.
      Throws:
      LoginException -
      • if the callbackhandler reports an error
      • if some options are missing (please check the jass.config file)
      • if the underlying authentication system report an error
    • commit

      public boolean commit()
      Commit the login (adds the principals to the subject)
      Specified by:
      commit in interface LoginModule
      Returns:
      true of the principals has been added to the subject.
    • abort

      public boolean abort()
      Abort the login.
      Specified by:
      abort in interface LoginModule
      Returns:
      Always true
    • logout

      public boolean logout()
      Removes all previously added prinicipals from the subject.
      Specified by:
      logout in interface LoginModule
      Returns:
      Always true