com.sun.grid.security.login.UnixLoginModule

All Implemented Interfaces:: LoginModule

public class UnixLoginModule extends Object implements LoginModule

This LoginModule authenticates a unix user with username and password against the PAM or system authentication system. The username is queried with a NameCallback, the password with a PasswordCallback

After a successfull login this LoginModule adds

a UnixPrincipal of the authenticated user
a UnixNumericUserPrincipal with the user id of the authenticated user
a UnixNumericGroupPrincipal for each group the authenticated user belongs too

to the current subject.

This class uses a Logger for log messages. The name of the Logger is equal to the fullqualified classname of this class.

Options for UnixLoginModule

Option	description
sge_root	path to the gridengine distribution
auth_method	Autehtication method. Valid values are "pam" and "system"
pam_service	Name of the pam service (see man pam(5). Required for PAM authentifcation

Simple jaas config file for PAM authentication

  sample {
   com.sun.grid.security.login.UnixLoginModule requisite
         sge_root="/opt/sge",
         auth_method="pam";
         pam_service="su";
  };

Simple jaas config file for system authentication

  sample {
   com.sun.grid.security.login.UnixLoginModule requisite
         command="/opt/sge",
         auth_method="system";
  };

Constructor Summary

Constructors

Constructor

Description

UnixLoginModule()
Method Summary

Modifier and Type

Method

Description

boolean

abort()

Abort the login.

boolean

commit()

Commit the login (adds the principals to the subject)

void

initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)

Initialize the UnixLoginModule

boolean

login()

Perform the login.

boolean

logout()

Removes all previously added prinicipals from the subject.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- UnixLoginModule
  
  public UnixLoginModule()
Method Details
- initialize
  
  public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
  
  Initialize the UnixLoginModule
  
  Specified by:
  
  initialize in interface LoginModule
  
  Parameters:
  
  subject - the current subject
  
  callbackHandler - the callbackhandler (must at least handle a NameCallback and a PasswordCallback).
  
  sharedState - not used
  
  options - contains the options for the UnixLoginModule.
- login
  
  public boolean login() throws LoginException
  
  Perform the login.
  Specified by:
  
  login in interface LoginModule
  
  Returns:
  
  true on successfull authentication. false if username of password is invalid.
  
  Throws:
  
  LoginException -
  
  if the callbackhandler reports an error
  
  if some options are missing (please check the jass.config file)
  
  if the underlying authentication system report an error
- commit
  
  public boolean commit()
  
  Commit the login (adds the principals to the subject)
  
  Specified by:
  
  commit in interface LoginModule
  
  Returns:
  
  true of the principals has been added to the subject.
- abort
  
  public boolean abort()
  
  Abort the login.
  
  Specified by:
  
  abort in interface LoginModule
  
  Returns:
  
  Always true
- logout
  
  public boolean logout()
  
  Removes all previously added prinicipals from the subject.
  
  Specified by:
  
  logout in interface LoginModule
  
  Returns:
  
  Always true

Class UnixLoginModule

Options for UnixLoginModule

Simple jaas config file for PAM authentication

Simple jaas config file for system authentication

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Details

UnixLoginModule

Method Details

initialize

login

commit

abort

logout