Full documentation for SonarQube has moved to a new location: http://docs.sonarqube.org/display/SONAR

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Wiki Markup
{iframe:src=http://update.sonarsource.org/plugins/pam.html|width=700|height=250|frameborder=0}
Your browser does not support iframes.
{iframe}

Features

The Sonar PAM Plugin enables the delegation of Sonar authentication to underlying PAM subsystem. The plugin works on *nix box with Pluggable Authentication Module (PAM).

...

(tick) Works, tested
(warning) Should work, not tested
(minus)  Does not work

Usage & Installation

  1. Install jpam
    1. Download jpam for your system from here
    2. Alternatively:
      1. Copy the jpam's native library following these directions
      2. Copy the jpam's native libray in sonar/bin/<your arch>/lib
  2. Install Sonar PAM plugin
    1. Place the jar plugin into the /extensions/plugins directory
    2. Make sure that at least one user with global administration role exists in Sonar as well as in the external system
    3. Configure conf/sonar.propertiesby adding and editing the following:

      Code Block
      borderStyledashed
      titlesonar.properties
      #----------------------
      # Sonar PAM Auth Plugin
      #----------------------
      sonar.security.realm: PAM
      
      # Automatically create users (available since Sonar 2.0).
      # When set to true, user will be created after successful authentication, if doesn't exists.
      # The default group affected to new users can be defined online, in Sonar general settings. The default value is "sonar-users".
      # Default is false.
      # sonar.authenticator.createUsers: true
      
  3. Restart Sonar and check logs for:

    Code Block
    borderStyledashed
    2012.11.24 20:32:34 INFO  org.sonar.INFO  Security realm: PAM
    2012.11.24 20:32:34 INFO  org.sonar.INFO  Security realm started
  4. Log in to Sonar

Known

...

Issues

Crash using PAM winbind authentication (pam_winbind.so)

...

  1. Edit /etc/security/pam_winbind.conf:
  2. Set Kerberos authentication:

    Code Block
    borderStyledashed
    title/etc/security/pam_winbind.conf
    #
    # pam_winbind configuration file
    #
    # /etc/security/pam_winbind.conf
    #
    
    [global]
    
    # turn on debugging
    #debug = yes
    
    # request a cached login if possible
    # (needs "winbind offline logon = yes" in smb.conf)
    cached_login = yes
    
    # authenticate using kerberos
    krb5_auth = yes
    
    # when using kerberos, request a "FILE" krb5 credential cache type
    # (leave empty to just do krb5 authentication but not have a ticket
    # afterwards)
    ;krb5_ccache_type = FILE
    
    # make successful authentication dependend on membership of one SID
    # (can also take a name)
    ;require_membership_of =
    

...

Change Log

...

JIRA Issues

ChangeLog

anonymoustrue
titleRelease 0.2
renderModestatic
width900
columnstype;key;summary;priority
urlhttp://jira.codehaus.org/sr/jira.issueviews:searchrequest-xml/temp/SearchRequest.xml?fixfor=17263&pid=11911&sorter/field=priority&sorter/order=DESC&tempMax=1000

 

JIRA Issues
anonymoustrue
titleRelease 10.02
heightrenderMode70static
width800900
columnstype;key;summary;priority;status;resolution
urlhttp://jira.codehaus.org/sr/jira.issueviews:searchrequest-xml/temp/SearchRequest.xml?fixfor=18999&pid=11911&sorter/field=priority&sorter/order=DESC&tempMax=1000