Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Wiki Markup
{iframe:src=http://update.sonarsource.org/plugins/pam.html|width=700|height=250|frameborder=0}
Your browser does not support iframes.
{iframe}

Description / Features

The Sonar PAM Plugin This plugin enables the delegation of Sonar SonarQubeTM authentication to underlying PAM subsystem. The plugin works on *nix box with Pluggable Authentication Module (PAM).

Only password-checking is done against PAM. Authorization (access control) is still fully managed in SonarSonarQubeTM. A Sonar SonarQubeTM account must be created first for each new user wishing to use SonarSonarQubeTM. The Sonar System administrator should also assign the user to the desired groups in order to grant him necessary rights. If exists, the password in the Sonar SonarQubeTM account will be ignored as the external system password will override it.

...

Usage & Installation

  1. Install jpam
    1. Download jpam for your system from here
    2. Alternatively:
      1. Copy the jpam's native library following these directions
      2. Copy the jpam's native libray in sonar/bin/<your arch>/lib
  2. Install Sonar SonarQubeTM PAM plugin
    1. Place the jar plugin into the /extensions/plugins directory
    2. Make sure that at least one user with global administration role exists in Sonar SonarQubeTM as well as in the external system
    3. Configure Update the SONARQUBE_HOME/conf/sonar.properties file by adding and editing the following lines:

      Code Block
      borderStyledashed
      titlesonar.properties
      #----------------------
      # Sonar PAM Auth Plugin
      #----------------------
      sonar.security.realm: PAM
      
      # Automatically create users (available since Sonar 2.0).
      # When set to true, user will be created after successful authentication, if doesn't exists.
      # The default group affected to new users can be defined online, in SonarSonarQube general settings. The default value is "sonar-users".
      # Default is false.
      # sonar.authenticator.createUsers: true
      
  3. Restart Sonar SonarQubeTM and check logs for:

    Code Block
    borderStyledashed
    2012.11.24 20:32:34 INFO  org.sonar.INFO  Security realm: PAM
    2012.11.24 20:32:34 INFO  org.sonar.INFO  Security realm started
  4. Log in to SonarSonarQubeTM

Known Issues

Crash using PAM winbind authentication (pam_winbind.so)

...

Code Block
borderStyledashed
titlepam_winbind.so error
INFO   | jvm 1    | 2011/03/18 10:06:10 | *** glibc detected *** java: free(): invalid pointer: 0x00002aaadc000168 ***
INFO   | jvm 1    | 2011/03/18 10:06:10 | ======= Backtrace: =========
INFO   | jvm 1    | 2011/03/18 10:06:10 | /lib64/libc.so.6[0x3b9527245f]
INFO   | jvm 1    | 2011/03/18 10:06:10 | /lib64/libc.so.6(cfree+0x4b)[0x3b952728bb]
INFO   | jvm 1    | 2011/03/18 10:06:10 | /lib64/security/pam_winbind.so[0x2aaadaddc8f9]
INFO   | jvm 1    | 2011/03/18 10:06:10 | /lib64/security/pam_winbind.so[0x2aaadaddee4c]
INFO   | jvm 1    | 2011/03/18 10:06:10 | /lib64/security/pam_winbind.so(pam_sm_authenticate+0x304)[0x2aaadaddf9e4]
INFO   | jvm 1    | 2011/03/18 10:06:10 | /lib64/libpam.so.0(_pam_dispatch+0x277)[0x3b97e02dc7]
INFO   | jvm 1    | 2011/03/18 10:06:10 | /lib64/libpam.so.0(pam_authenticate+0x42)[0x3b97e026d2]

In this case Sonar SonarQubeTM crashes and restart restarts automatically.

As far as I understand it's a pam_winbind.so issue. I've found this workaround:

...