Description / Features

This plugin enables the delegation of SonarQubeauthentication to underlying PAM subsystem. The plugin works on *nix box with Pluggable Authentication Module (PAM).

Only password-checking is done against PAM. Authorization (access control) is still fully managed in SonarQube. A SonarQube account must be created first for each new user wishing to use SonarQube. The System administrator should also assign the user to the desired groups in order to grant him necessary rights. If exists, the password in the SonarQubeaccount will be ignored as the external system password will override it.

Works on

OS and Architecture	Works
Linux AMD64
Linux i386
Mac OS X PPC
Solaris sparc
Windows all flavours

Works, tested
Should work, not tested
Does not work

Usage & Installation

Install jpam
1. Download jpam for your system from here
2. Alternatively:
  1. Copy the jpam's native library following these directions
  2. Copy the jpam's native libray in sonar/bin/<your arch>/lib
Install SonarQube PAM plugin
1. Place the jar plugin into the /extensions/plugins directory
2. Make sure that at least one user with global administration role exists in SonarQubeas well as in the external system
3. Update the SONARQUBE_HOME/conf/sonar.properties file by adding the following lines:
  sonar.properties
Restart SonarQube and check logs for:
Log in to SonarQube

Known Issues

Crash using PAM winbind authentication (pam_winbind.so)

In case of unsucessful login for wrong password/locked out account (wrong username does not produce the same issue) you may get this kind of error while using pam winbind authentication:

pam_winbind.so error

In this case SonarQube crashes and restarts automatically.

As far as I understand it's a pam_winbind.so issue. I've found this workaround:

Edit /etc/security/pam_winbind.conf:
Set Kerberos authentication:
/etc/security/pam_winbind.conf

Change Log

Release 0.2 (1 issues)

Type

Key

Summary

Priority

SONARPLUGINS-2426

Update PAM plugin to support latest APIs

Release 0.1 (1 issues)