Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Install jpam
    1. Download jpam for your system from here
    2. Alternatively:
      1. Copy the jpam's native library following these directions
      2. Copy the jpam's native libray in sonar/bin/<your arch>/lib
  2. Install the plugin through the Update Center or download it into the SONARQUBE_HOME/extensions/plugins directory
  3. Make sure that at least one user with global administration role exists in SonarQube as well as in the external system
  4. Update the SONARQUBE_HOME/conf/sonar.properties file by adding the following lines:

    Code Block
    borderStyledashed
    titlesonar.properties
    borderStyledashed
    sonar.security.realm: PAM
    pam.serviceName=system-auth
    # Automatically create users.
    # When set to true, user will be created after successful authentication, if doesn't exists.
    # The default group affected to new users can be defined online, in SonarQube general settings. The default value is "sonar-users".
    # Default is false.
    sonar.authenticator.createUsers: true
    
  5. Restart SonarQube and check logs for:

    Code Block
    borderStyledashed
    2012.11.24 20:32:34 INFO  org.sonar.INFO  Security realm: PAM
    2012.11.24 20:32:34 INFO  org.sonar.INFO  Security realm started
  6. Log in to SonarQube

Include Page
Include - Technical Users
Include - Technical Users

Known Issues

Crash using PAM winbind authentication (pam_winbind.so)

In case of an unsucessful login for a bad password or a locked account (a bad username does not produce the same issue) you may get this kind of error while using pam winbind authentication:

Code Block
borderStyledashed
titlepam_winbind.so error
borderStyledashed
INFO   | jvm 1    | 2011/03/18 10:06:10 | *** glibc detected *** java: free(): invalid pointer: 0x00002aaadc000168 ***
INFO   | jvm 1    | 2011/03/18 10:06:10 | ======= Backtrace: =========
INFO   | jvm 1    | 2011/03/18 10:06:10 | /lib64/libc.so.6[0x3b9527245f]
INFO   | jvm 1    | 2011/03/18 10:06:10 | /lib64/libc.so.6(cfree+0x4b)[0x3b952728bb]
INFO   | jvm 1    | 2011/03/18 10:06:10 | /lib64/security/pam_winbind.so[0x2aaadaddc8f9]
INFO   | jvm 1    | 2011/03/18 10:06:10 | /lib64/security/pam_winbind.so[0x2aaadaddee4c]
INFO   | jvm 1    | 2011/03/18 10:06:10 | /lib64/security/pam_winbind.so(pam_sm_authenticate+0x304)[0x2aaadaddf9e4]
INFO   | jvm 1    | 2011/03/18 10:06:10 | /lib64/libpam.so.0(_pam_dispatch+0x277)[0x3b97e02dc7]
INFO   | jvm 1    | 2011/03/18 10:06:10 | /lib64/libpam.so.0(pam_authenticate+0x42)[0x3b97e026d2]

...

  1. Edit /etc/security/pam_winbind.conf:
  2. Set Kerberos authentication:

    Code Block
    borderStyledashed
    title/etc/security/pam_winbind.conf
    borderStyledashed
    #
    # pam_winbind configuration file
    #
    # /etc/security/pam_winbind.conf
    #
    
    [global]
    
    # turn on debugging
    #debug = yes
    
    # request a cached login if possible
    # (needs "winbind offline logon = yes" in smb.conf)
    cached_login = yes
    
    # authenticate using kerberos
    krb5_auth = yes
    
    # when using kerberos, request a "FILE" krb5 credential cache type
    # (leave empty to just do krb5 authentication but not have a ticket
    # afterwards)
    ;krb5_ccache_type = FILE
    
    # make successful authentication dependend on membership of one SID
    # (can also take a name)
    ;require_membership_of =
    

...