Databases
StackOverflow2013
Postsdbo
POHudson fails to use unix user/group to do authentication
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POHudson fails to use unix user/group to do authentication
    text
    copied!<p>I'm trying to use unix user/group database as security realm of hudson. The linux server is using NIS for user management. My account could login the hudson server via ssh.</p> <p>And the hudson server is running by user 'hudson' that is also a member of group 'shadow', so hudson could read /etc/shadow. And I tested the configuration using 'test' button, hudson tells me it works well.</p> <p>But I can't use my unix account and password to login the hudson sever.</p> <p>And I found below java exception in the log of hudson,</p> <pre><code>Jan 12, 2011 8:23:42 AM hudson.security.AuthenticationProcessingFilter2 onUnsuccessfulAuthentication INFO: Login attempt failed org.acegisecurity.BadCredentialsException: pam_authenticate failed : Authentication failure; nested exception is org.jvnet.libpam.PAMException: pam_authenticate failed : Authentication failure at hudson.security.PAMSecurityRealm$PAMAuthenticationProvider.authenticate(PAMSecurityRealm.java:100) at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195) at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45) at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) at winstone.FilterConfiguration.execute(FilterConfiguration.java:195) at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368) at winstone.RequestDispatcher.forward(RequestDispatcher.java:333) at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244) at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150) at java.lang.Thread.run(Thread.java:595) Caused by: org.jvnet.libpam.PAMException: pam_authenticate failed : Authentication failure at org.jvnet.libpam.PAM.check(PAM.java:105) at org.jvnet.libpam.PAM.authenticate(PAM.java:123) at hudson.security.PAMSecurityRealm$PAMAuthenticationProvider.authenticate(PAMSecurityRealm.java:90) ... 18 more </code></pre> <p><strong>Update on Jan. 17</strong>,</p> <p>The host is RHEL 4.5, and I created user and group <em>shadow</em>, then add <em>hudson</em> into group <em>shadow</em>.</p> <pre><code>-bash-3.00$ cat /etc/redhat-release Red Hat Enterprise Linux WS release 4 (Nahant Update 5) -bash-3.00$ ll /etc/shadow -r--r----- 1 root shadow 1114 Jan 4 11:37 /etc/shadow -bash-3.00$ cat /etc/group |grep shadow shadow:x:44:hudson </code></pre> <p>I also tried to setup hudson on another RHEL 4.8 host. This time I ran the hudson by root,</p> <pre><code>kzhu0@pek-wb-rhws4_32:~$ ps -ef|grep hudson root 18764 29161 0 Jan14 pts/5 00:00:33 /usr/bin/java -Dcom.sun.akuma.Daemon=daemonized -Djava.awt.headless=true -DHUDSON_HOME=/var/lib/hudson -jar /usr/lib/hudson/hudson.war --logfile=/var/log/hudson/hudson.log --daemon --httpPort=8080 --debug=5 --handlerCountMax=100 --handlerCountMaxIdle=20 kzhu0 22404 18833 0 10:52 pts/2 00:00:00 grep hudson kzhu0@pek-wb-rhws4_32:~$ cat /etc/redhat-release </code></pre> <p>But I still don't have luck to get unix user/password group work. And I can't find any pam error message in /var/log/messages and /var/log/secure. It looks like hudson throws the exception before actually using pam to get authentication. Red Hat Enterprise Linux WS release 4 (Nahant Update 8)</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload