-
1. Re: authenticate against underlying Linux OS
starksm64 Sep 2, 2004 1:34 PM (in response to mrchucho)
You will have to write your own login module to do the OS-specific integration, as there is no existing one I am aware of.
-
2. Re: authenticate against underlying Linux OS
janoss Dec 16, 2004 10:53 PM (in response to mrchucho)
I am looking to use the Linux OS for authentication as well.
Mrchucho, were you successful at implementing this?
-
3. Re: authenticate against underlying Linux OS
mrchucho Dec 17, 2004 7:58 AM (in response to mrchucho)
Actually, I finally was successful. I've been meaning to write up an explanation, but here it is in a nutshell:
1) use SysAuth: http://www.scribblin.gs/software/sysauth.html
2) implement your own subclass of UsernamePasswordLoginModule calling SysAuth's isAllowed method
This assumes you want to use PAM and JBoss's built-in security. I will try and put together some more detailed instructions, because I know that none exist.
RMC
-
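Step 2 of the post above as an added example (not mrchucho's code and not taken from his HOWTO), written against the JBoss 4-era org.jboss.security API. OsAuthenticator is a hypothetical stand-in for SysAuth's isAllowed, whose real signature the thread does not show; the option names pamService and role and the role name OsUser are also assumptions.

```java
import java.security.acl.Group;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.spi.UsernamePasswordLoginModule;

public class OsLoginModule extends UsernamePasswordLoginModule {
    /** Hypothetical stand-in for SysAuth's isAllowed; its real signature is not given in the thread. */
    public interface OsAuthenticator {
        boolean isAllowed(String pamService, String user, String password);
    }

    // Assumption: deployment code installs an adapter that calls SysAuth.
    private static volatile OsAuthenticator authenticator;
    public static void setAuthenticator(OsAuthenticator a) { authenticator = a; }

    private String pamService = "java_auth"; // PAM service file name used in the thread
    private String role = "OsUser";          // hypothetical default role

    public void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options) {
        super.initialize(subject, handler, sharedState, options);
        // "pamService" and "role" are hypothetical module-option names.
        if (options.get("pamService") != null) pamService = (String) options.get("pamService");
        if (options.get("role") != null) role = (String) options.get("role");
    }

    // The password is held by the OS, so there is nothing to return for comparison.
    protected String getUsersPassword() throws LoginException { return ""; }

    // Replace the string comparison with the PAM check; deny on any missing input.
    protected boolean validatePassword(String inputPassword, String expectedPassword) {
        String user = getUsername();
        OsAuthenticator auth = authenticator;
        if (auth == null || user == null || user.isEmpty()
                || inputPassword == null || inputPassword.isEmpty()) {
            return false; // fail closed
        }
        return auth.isAllowed(pamService, user, inputPassword);
    }

    // PAM only answers yes/no; every authenticated user gets the one configured role.
    protected Group[] getRoleSets() throws LoginException {
        Group roles = new SimpleGroup("Roles");
        roles.addMember(new SimplePrincipal(role));
        return new Group[] { roles };
    }
}
```

Because PAM returns only an allow/deny decision, role mapping has to come from somewhere else; a single fixed role is the narrowest choice and keeps OS accounts from inheriting application privileges by accident.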
4. Re: authenticate against underlying Linux OS
janoss Dec 17, 2004 1:29 PM (in response to mrchucho)
mrchucho,
I'd appreciate any write up that you come up with. I can guarantee you several others will be interested in the same solution.
I will start reading up on SysAuth.
-
5. Re: authenticate against underlying Linux OS
mrchucho Dec 27, 2004 3:22 PM (in response to mrchucho)
Sorry it took so long, but I've posted the initial draft of my JBoss Linux Authentication HOWTO.
I'm going to try putting together some of the links I used to figure all this out and maybe organize things better, but in the meantime check it out and let me know if it works/makes sense/helps!
http://www.mrchucho.net/index.php?p=36
RMC
-
6. Re: authenticate against underlying Linux OS
janoss Jan 3, 2005 3:36 PM (in response to mrchucho)
Excellent. Thanks for writing this up. I will go over it today. I was writing my own JNI C program to use PAM to get to the NIS passwd file, in place of downloading SysAuth. If I can't get mine to work, I may punt and get the SysAuth library.
You should post this on java.sun.com forums as well when finished.
Thanks again.
-
7. Re: authenticate against underlying Linux OS
mrchucho Jan 3, 2005 5:57 PM (in response to mrchucho)
"janoss" wrote:
I was writing my own JNI C program to use PAM to get to the NIS passwd file.

SysAuth uses JNI to access PAM. The authentication is then handled like any other PAM module (e.g. ssh, ftp, login, etc.). You might want to save yourself the duplicated effort.
-
8. Re: authenticate against underlying Linux OS
janoss Jan 4, 2005 7:13 PM (in response to mrchucho)
Follow-up on your write up. I am using
auth required pam_unix.so
in the /etc/pam.d java_auth file.
I decided to use SysAuth but am receiving a PAM library load error in the /var/log/messages file:
unable to opendl (/var/lib/security/pam_unix.so)
Not sure what I missed. Once I get this resolved I should be up and running.
-
9. Re: authenticate against underlying Linux OS
mrchucho Jan 4, 2005 8:23 PM (in response to mrchucho)
It may depend on your distribution... I would check other files in /etc/pam.d (i.e. grep pam_unix.so *) and see how they do it. You may need to prepend some path info. Also, see my note about stacking:
auth required pam_stack.so service=system-auth
This format may be required in some cases. If you get it working, let me know and I will update my HOWTO.
-
10. Re: authenticate against underlying Linux OS
janoss Jan 5, 2005 12:48 PM (in response to mrchucho)
Got it, my bad. I was using my old JNI-PAM implementation which did not dynamically load the /usr/lib/lib_pam.so library via the dlopen() call. This is needed since PAM does not load the needed shared objects. Once I corrected my links and used the SysAuth stuff, all worked as advertised.
Thanks. Keep your writeup as is. This site should have Duke dollars or JBoss dollars. I owe you.
Jim
Is there any way to get the JBoss security POC to add your writeup to the JBoss/JAAS security FAQs?