Versions Compared

Old Version 34

changes.mady.by.user Marco Tizzoni

Saved on

compared with

New Version 35

changes.mady.by.user David RACODON

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Wiki Markup
{iframe:src=http://update.sonarsource.org/plugins/pam.html|width=700|height=250|frameborder=0}
Your browser does not support iframes.
{iframe}

Features

The Sonar PAM Plugin enables the delegation of Sonar authentication to underlying PAM subsystem. The plugin works on *nix box with Pluggable Authentication Module (PAM).

...

(tick) Works, tested
(warning) Should work, not tested
(minus)  Does not work

Usage & Installation

  1. Install jpam
    1. Download jpam for your system from here
    2. Alternatively:
      1. Copy the jpam's native library following these directions
      2. Copy the jpam's native libray in sonar/bin/<your arch>/lib
  2. Install Sonar PAM plugin
    1. Place the jar plugin into the /extensions/plugins directory
    2. Make sure that at least one user with global administration role exists in Sonar as well as in the external system

    3. Configure conf/sonar.propertiesby adding and editing the following:

      Code Block
      borderStyledashed
      titlesonar.properties
      #----------------------
# Sonar PAM Auth Plugin
#----------------------
sonar.security.realm: PAM

# Automatically create users (available since Sonar 2.0).
# When set to true, user will be created after successful authentication, if doesn't exists.
# The default group affected to new users can be defined online, in Sonar general settings. The default value is "sonar-users".
# Default is false.
# sonar.authenticator.createUsers: true

  3. Restart Sonar and check logs for:

    Code Block
    borderStyledashed
    2012.11.24 20:32:34 INFO  org.sonar.INFO  Security realm: PAM
2012.11.24 20:32:34 INFO  org.sonar.INFO  Security realm started
  4. Log in to Sonar

Known

...

Issues

Crash using PAM winbind authentication (pam_winbind.so)

...

  1. Edit /etc/security/pam_winbind.conf:

  2. Set Kerberos authentication:

    Code Block
    borderStyledashed
    title/etc/security/pam_winbind.conf
    #
# pam_winbind configuration file
#
# /etc/security/pam_winbind.conf
#

[global]

# turn on debugging
#debug = yes

# request a cached login if possible
# (needs "winbind offline logon = yes" in smb.conf)
cached_login = yes

# authenticate using kerberos
krb5_auth = yes

# when using kerberos, request a "FILE" krb5 credential cache type
# (leave empty to just do krb5 authentication but not have a ticket
# afterwards)
;krb5_ccache_type = FILE

# make successful authentication dependend on membership of one SID
# (can also take a name)
;require_membership_of =

...

Change Log

...

JIRA Issues

ChangeLog

anonymoustrue
titleRelease 0.2
renderModestatic
width900
columnstype;key;summary;priority
urlhttp://jira.codehaus.org/sr/jira.issueviews:searchrequest-xml/temp/SearchRequest.xml?fixfor=17263&pid=11911&sorter/field=priority&sorter/order=DESC&tempMax=1000

 

JIRA Issues
anonymoustrue
titleRelease 10.02
heightrenderMode70static
width800900
columnstype;key;summary;priority;status;resolution
urlhttp://jira.codehaus.org/sr/jira.issueviews:searchrequest-xml/temp/SearchRequest.xml?fixfor=18999&pid=11911&sorter/field=priority&sorter/order=DESC&tempMax=1000