UnixLoginModule

java.lang.Object
- com.sun.grid.security.login.UnixLoginModule

All Implemented Interfaces:: javax.security.auth.spi.LoginModule

public class UnixLoginModule
extends java.lang.Object
implements javax.security.auth.spi.LoginModule

This LoginModule authenticates a unix user with username and password against the PAM or system authentication system. The username is queried with a NameCallback, the password with a PasswordCallback

After a successfull login this LoginModule adds

a com.sun.security.auth.UnixPrincipal of the authenticated user
a com.sun.security.auth.UnixNumericUserPrincipal with the user id of the authenticated user
a com.sun.security.auth.UnixNumericGroupPrincipal for each group the authenticated user belongs too

to the current subject.

This class uses a Logger for log messages. The name of the Logger is equal to the fullqualified classname of this class.

Options for UnixLoginModule

Option	description
sge_root	path to the gridengine distribution
auth_method	Autehtication method. Valid values are "pam" and "system"
pam_service	Name of the pam service (see man pam(5). Required for PAM authentifcation

Simple jaas config file for PAM authentication

  sample {
   com.sun.grid.security.login.UnixLoginModule requisite
         sge_root="/opt/sge",
         auth_method="pam";
         pam_service="su";
  };

Simple jaas config file for system authentication

  sample {
   com.sun.grid.security.login.UnixLoginModule requisite
         command="/opt/sge",
         auth_method="system";
  };

Constructor Summary

Constructors
Constructor and Description

UnixLoginModule()

Constructors
Constructor and Description
`UnixLoginModule()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`boolean`	`abort()` Abort the login.
`boolean`	`commit()` Commit the login (adds the principals to the subject)
`void`	`initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options)` Initialize the `UnixLoginModule`
`boolean`	`login()` Perform the login.
`boolean`	`logout()` Removes all previously added prinicipals from the subject.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - UnixLoginModule
```
public UnixLoginModule()
```
- Method Detail
  - initialize
```
public void initialize(javax.security.auth.Subject subject,
                       javax.security.auth.callback.CallbackHandler callbackHandler,
                       java.util.Map sharedState,
                       java.util.Map options)
```
    Initialize the UnixLoginModule
    
    Specified by:
    
    initialize in interface javax.security.auth.spi.LoginModule
    
    Parameters:
    
    subject - the current subject
    
    callbackHandler - the callbackhandler (must at least handle a NameCallback and a PasswordCallback).
    
    sharedState - not used
    
    options - contains the options for the UnixLoginModule.
  - login
```
public boolean login()
              throws javax.security.auth.login.LoginException
```
    Perform the login.
    Specified by:
    
    login in interface javax.security.auth.spi.LoginModule
    
    Returns:
    
    true on successfull authentication. false if username of password is invalid.
    
    Throws:
    javax.security.auth.login.LoginException -
    
    if the callbackhandler reports an error
    
    if some options are missing (please check the jass.config file)
    
    if the underlying authentication system report an error
  - commit
```
public boolean commit()
```
    Commit the login (adds the principals to the subject)
    
    Specified by:
    
    commit in interface javax.security.auth.spi.LoginModule
    
    Returns:
    
    true of the principals has been added to the subject.
  - abort
```
public boolean abort()
```
    Abort the login.
    
    Specified by:
    
    abort in interface javax.security.auth.spi.LoginModule
    
    Returns:
    
    Always true
  - logout
```
public boolean logout()
```
    Removes all previously added prinicipals from the subject.
    
    Specified by:
    
    logout in interface javax.security.auth.spi.LoginModule
    
    Returns:
    
    Always true

Class UnixLoginModule

Options for UnixLoginModule

Simple jaas config file for PAM authentication

Simple jaas config file for system authentication

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

UnixLoginModule

Method Detail

initialize

login

commit

abort

logout