Full documentation for SonarQube has moved to a new location: http://docs.sonarqube.org/display/SONAR

Skip to end of metadata
Go to start of metadata

Description / Features

This plugin enables the delegation of SonarQube authentication to underlying PAM subsystem. The plugin works on *nix boxes with the Pluggable Authentication Module (PAM).

Only password-checking is done against PAM. Authorization (access control) is still fully managed in SonarQube. During the first authentication trial, if the password is correct, the SonarQube database is automatically populated with the new user.  The System administrator should assign the user to the desired groups in order to grant him necessary rights. If a password exists in the SonarQube database, it will be ignored because the external system password will override it.

Requirements

OS and Architecture

Works

Linux AMD64

(tick)

Linux i386

(tick)

Mac OS X PPC

(warning)

Solaris sparc

(warning)

Windows all flavours

(minus)

(tick) Works, tested
(warning) Should work, not tested
(minus)  Does not work

Usage & Installation

  1. Install jpam
    1. Download jpam for your system from here
    2. Alternatively:
      1. Copy the jpam's native library following these directions
      2. Copy the jpam's native libray in sonar/bin/<your arch>/lib
  2. Install the plugin through the Update Center or download it into the SONARQUBE_HOME/extensions/plugins directory
  3. Make sure that at least one user with global administration role exists in SonarQube as well as in the external system
  4. Update the SONARQUBE_HOME/conf/sonar.properties file by adding the following lines:

    sonar.properties
  5. Restart SonarQube and check logs for:

  6. Log in to SonarQube

Technical Users

Since SonarQube 4.2, technical users can be set. Technical users are authenticated against SonarQube's own database of users, rather than against any external tool (LDAP, Active Directory, Crowd, etc.).

Similarly, all accounts not flagged as local will be authenticated only against the external tool. By default admin is a technical account. Technical accounts are configured in SONARQUBE_HOME/conf/sonar.properties in the sonar.security.localUsers (default value = admin) property as a comma-separated list.

Known Issues

Crash using PAM winbind authentication (pam_winbind.so)

In case of an unsucessful login for a bad password or a locked account (a bad username does not produce the same issue) you may get this kind of error while using pam winbind authentication:

pam_winbind.so error

In this case SonarQube crashes and restarts automatically.

It appears to be a pam_winbind.so issue. This workaround is available:

  1. Edit /etc/security/pam_winbind.conf:
  2. Set Kerberos authentication:

    /etc/security/pam_winbind.conf
  • No labels