You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@ambari.apache.org by Anita Jebaraj <aj...@us.ibm.com> on 2017/05/03 16:48:34 UTC
Review Request 58968: Server Error in Ambari UI,
when trying to login as a pam user due to user name conflict
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58968/
-----------------------------------------------------------
Review request for Ambari, Attila Doroszlai, Di Li, Robert Levas, and Tim Thorpe.
Bugs: AMBARI-20909
https://issues.apache.org/jira/browse/AMBARI-20909
Repository: ambari
Description
-------
Create a local user "test" in Ambari
Create a system user "test" with different password
Trying to authenticate via pam in Ambari UI as user "test" throws Server Error in Ambari UI, without any error in Ambari-server logs
Also the UI gets stalled and not even able to login as admin user unless the browser cache is removed or Ambari UI is opened in a new browser page
Ambari doesn't allow creating users with same user name but different types(Local/pam), We reach the pam authentication only when the local user authentication failed due to non-existing userid or incorrect password, So if local user exists do not attempt to authenticate via PAM, This lets Ambari to avoid importing duplicate userid into the database
Diffs
-----
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java b3fb861
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java b7272c5
Diff: https://reviews.apache.org/r/58968/diff/1/
Testing
-------
Updated the related test cases
Thanks,
Anita Jebaraj
Re: Review Request 58968: Server Error in Ambari UI,
when trying to login as a pam user due to user name conflict
Posted by Robert Levas <rl...@hortonworks.com>.
> On May 3, 2017, 2:54 p.m., Robert Levas wrote:
> > Ship It!
>
> Anita Jebaraj wrote:
> Thank you Robert, please help in pushing the changes
Committed to trunk
```
commit 7cc5e9e220b82052256a352f0e65323f2b1bc962
Author: Anita Jebaraj <aj...@us.ibm.com>
Date: Thu May 4 15:43:33 2017 -0400
```
Committed to branch-2.5
```
commit f8f8abbbbad230c574d8bcdb971ea59900a8dc7a
Author: Anita Jebaraj <aj...@us.ibm.com>
Date: Thu May 4 15:45:37 2017 -0400
```
- Robert
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58968/#review173790
-----------------------------------------------------------
On May 3, 2017, 2:24 p.m., Anita Jebaraj wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58968/
> -----------------------------------------------------------
>
> (Updated May 3, 2017, 2:24 p.m.)
>
>
> Review request for Ambari, Attila Doroszlai, Di Li, Robert Levas, and Tim Thorpe.
>
>
> Bugs: AMBARI-20909
> https://issues.apache.org/jira/browse/AMBARI-20909
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Create a local user "test" in Ambari
>
> Create a system user "test" with different password
>
> Trying to authenticate via pam in Ambari UI as user "test" throws Server Error in Ambari UI, without any error in Ambari-server logs
>
> Also the UI gets stalled and not even able to login as admin user unless the browser cache is removed or Ambari UI is opened in a new browser page
>
> Ambari doesn't allow creating users with same user name but different types(Local/pam), We reach the pam authentication only when the local user authentication failed due to non-existing userid or incorrect password, So if local user exists do not attempt to authenticate via PAM, This lets Ambari to avoid importing duplicate userid into the database
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java b3fb861
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java b7272c5
>
>
> Diff: https://reviews.apache.org/r/58968/diff/2/
>
>
> Testing
> -------
>
> Updated the related test cases
>
>
> File Attachments
> ----------------
>
> Ambari-20909-Branch2.5.patch
> https://reviews.apache.org/media/uploaded/files/2017/05/03/3899b0bb-110a-449b-a401-4ba0576957fc__AMBARI-20909-Branch2.5.patch
>
>
> Thanks,
>
> Anita Jebaraj
>
>
Re: Review Request 58968: Server Error in Ambari UI,
when trying to login as a pam user due to user name conflict
Posted by Anita Jebaraj <aj...@us.ibm.com>.
> On May 3, 2017, 6:54 p.m., Robert Levas wrote:
> > Ship It!
Thank you Robert, please help in pushing the changes
- Anita
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58968/#review173790
-----------------------------------------------------------
On May 3, 2017, 6:24 p.m., Anita Jebaraj wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58968/
> -----------------------------------------------------------
>
> (Updated May 3, 2017, 6:24 p.m.)
>
>
> Review request for Ambari, Attila Doroszlai, Di Li, Robert Levas, and Tim Thorpe.
>
>
> Bugs: AMBARI-20909
> https://issues.apache.org/jira/browse/AMBARI-20909
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Create a local user "test" in Ambari
>
> Create a system user "test" with different password
>
> Trying to authenticate via pam in Ambari UI as user "test" throws Server Error in Ambari UI, without any error in Ambari-server logs
>
> Also the UI gets stalled and not even able to login as admin user unless the browser cache is removed or Ambari UI is opened in a new browser page
>
> Ambari doesn't allow creating users with same user name but different types(Local/pam), We reach the pam authentication only when the local user authentication failed due to non-existing userid or incorrect password, So if local user exists do not attempt to authenticate via PAM, This lets Ambari to avoid importing duplicate userid into the database
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java b3fb861
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java b7272c5
>
>
> Diff: https://reviews.apache.org/r/58968/diff/2/
>
>
> Testing
> -------
>
> Updated the related test cases
>
>
> Thanks,
>
> Anita Jebaraj
>
>
Re: Review Request 58968: Server Error in Ambari UI,
when trying to login as a pam user due to user name conflict
Posted by Robert Levas <rl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58968/#review173790
-----------------------------------------------------------
Ship it!
Ship It!
- Robert Levas
On May 3, 2017, 2:24 p.m., Anita Jebaraj wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58968/
> -----------------------------------------------------------
>
> (Updated May 3, 2017, 2:24 p.m.)
>
>
> Review request for Ambari, Attila Doroszlai, Di Li, Robert Levas, and Tim Thorpe.
>
>
> Bugs: AMBARI-20909
> https://issues.apache.org/jira/browse/AMBARI-20909
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Create a local user "test" in Ambari
>
> Create a system user "test" with different password
>
> Trying to authenticate via pam in Ambari UI as user "test" throws Server Error in Ambari UI, without any error in Ambari-server logs
>
> Also the UI gets stalled and not even able to login as admin user unless the browser cache is removed or Ambari UI is opened in a new browser page
>
> Ambari doesn't allow creating users with same user name but different types(Local/pam), We reach the pam authentication only when the local user authentication failed due to non-existing userid or incorrect password, So if local user exists do not attempt to authenticate via PAM, This lets Ambari to avoid importing duplicate userid into the database
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java b3fb861
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java b7272c5
>
>
> Diff: https://reviews.apache.org/r/58968/diff/2/
>
>
> Testing
> -------
>
> Updated the related test cases
>
>
> Thanks,
>
> Anita Jebaraj
>
>
Re: Review Request 58968: Server Error in Ambari UI,
when trying to login as a pam user due to user name conflict
Posted by Tim Thorpe <tt...@ca.ibm.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58968/#review173791
-----------------------------------------------------------
Ship it!
Ship It!
- Tim Thorpe
On May 3, 2017, 6:24 p.m., Anita Jebaraj wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58968/
> -----------------------------------------------------------
>
> (Updated May 3, 2017, 6:24 p.m.)
>
>
> Review request for Ambari, Attila Doroszlai, Di Li, Robert Levas, and Tim Thorpe.
>
>
> Bugs: AMBARI-20909
> https://issues.apache.org/jira/browse/AMBARI-20909
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Create a local user "test" in Ambari
>
> Create a system user "test" with different password
>
> Trying to authenticate via pam in Ambari UI as user "test" throws Server Error in Ambari UI, without any error in Ambari-server logs
>
> Also the UI gets stalled and not even able to login as admin user unless the browser cache is removed or Ambari UI is opened in a new browser page
>
> Ambari doesn't allow creating users with same user name but different types(Local/pam), We reach the pam authentication only when the local user authentication failed due to non-existing userid or incorrect password, So if local user exists do not attempt to authenticate via PAM, This lets Ambari to avoid importing duplicate userid into the database
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java b3fb861
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java b7272c5
>
>
> Diff: https://reviews.apache.org/r/58968/diff/2/
>
>
> Testing
> -------
>
> Updated the related test cases
>
>
> Thanks,
>
> Anita Jebaraj
>
>
Re: Review Request 58968: Server Error in Ambari UI,
when trying to login as a pam user due to user name conflict
Posted by Anita Jebaraj <aj...@us.ibm.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58968/
-----------------------------------------------------------
(Updated May 3, 2017, 6:24 p.m.)
Review request for Ambari, Attila Doroszlai, Di Li, Robert Levas, and Tim Thorpe.
Bugs: AMBARI-20909
https://issues.apache.org/jira/browse/AMBARI-20909
Repository: ambari
Description
-------
Create a local user "test" in Ambari
Create a system user "test" with different password
Trying to authenticate via pam in Ambari UI as user "test" throws Server Error in Ambari UI, without any error in Ambari-server logs
Also the UI gets stalled and not even able to login as admin user unless the browser cache is removed or Ambari UI is opened in a new browser page
Ambari doesn't allow creating users with same user name but different types(Local/pam), We reach the pam authentication only when the local user authentication failed due to non-existing userid or incorrect password, So if local user exists do not attempt to authenticate via PAM, This lets Ambari to avoid importing duplicate userid into the database
Diffs (updated)
-----
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java b3fb861
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java b7272c5
Diff: https://reviews.apache.org/r/58968/diff/2/
Changes: https://reviews.apache.org/r/58968/diff/1-2/
Testing
-------
Updated the related test cases
Thanks,
Anita Jebaraj
Re: Review Request 58968: Server Error in Ambari UI,
when trying to login as a pam user due to user name conflict
Posted by Di Li <di...@ca.ibm.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58968/#review173746
-----------------------------------------------------------
Ship it!
Ship It!
- Di Li
On May 3, 2017, 4:48 p.m., Anita Jebaraj wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58968/
> -----------------------------------------------------------
>
> (Updated May 3, 2017, 4:48 p.m.)
>
>
> Review request for Ambari, Attila Doroszlai, Di Li, Robert Levas, and Tim Thorpe.
>
>
> Bugs: AMBARI-20909
> https://issues.apache.org/jira/browse/AMBARI-20909
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Create a local user "test" in Ambari
>
> Create a system user "test" with different password
>
> Trying to authenticate via pam in Ambari UI as user "test" throws Server Error in Ambari UI, without any error in Ambari-server logs
>
> Also the UI gets stalled and not even able to login as admin user unless the browser cache is removed or Ambari UI is opened in a new browser page
>
> Ambari doesn't allow creating users with same user name but different types(Local/pam), We reach the pam authentication only when the local user authentication failed due to non-existing userid or incorrect password, So if local user exists do not attempt to authenticate via PAM, This lets Ambari to avoid importing duplicate userid into the database
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java b3fb861
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java b7272c5
>
>
> Diff: https://reviews.apache.org/r/58968/diff/1/
>
>
> Testing
> -------
>
> Updated the related test cases
>
>
> Thanks,
>
> Anita Jebaraj
>
>
Re: Review Request 58968: Server Error in Ambari UI,
when trying to login as a pam user due to user name conflict
Posted by Anita Jebaraj <aj...@us.ibm.com>.
> On May 3, 2017, 5:08 p.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
> > Lines 79 (patched)
> > <https://reviews.apache.org/r/58968/diff/1/?file=1707168#file1707168line79>
> >
> > There are other User types - LDAP and JWT. You should check to see if any user exists with the username. If the existing user is not a PAM user the failure should occur.
> >
> > For example:
> > ```
> > UserEntitiy foundUser = userDAO.findUserByName(username)'
> > if((foundUser != null) && (foundUser.getUserType != UserType.PAM)) {
> > ... Fail ...
> > }
> > ```
>
> Tim Thorpe wrote:
> Hi Robert, I'm not sure I'm following your logic here. My interpretation is that the PAM users will not be found using the UserDAO.findLocalUserByName(String userName) method. So basically the getUserType() != UserType.PAM is unnecessary. Although it wouldn't hurt.
>
> Anita Jebaraj wrote:
> Hi Tim, Robert means that I should look for all user types like (Local/ldap/jwt), I am aware ldap cannot be enabled when pam is enabled, but jwt users can exist when pam is enabled. That should be the reason why he wants me to look for all the users.
>
> Tim Thorpe wrote:
> Sorry missed the part where you changed findLocalUserByName to findUserByName. That makes sense now.
Hi Robert, please review the new patch
- Anita
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58968/#review173752
-----------------------------------------------------------
On May 3, 2017, 6:24 p.m., Anita Jebaraj wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58968/
> -----------------------------------------------------------
>
> (Updated May 3, 2017, 6:24 p.m.)
>
>
> Review request for Ambari, Attila Doroszlai, Di Li, Robert Levas, and Tim Thorpe.
>
>
> Bugs: AMBARI-20909
> https://issues.apache.org/jira/browse/AMBARI-20909
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Create a local user "test" in Ambari
>
> Create a system user "test" with different password
>
> Trying to authenticate via pam in Ambari UI as user "test" throws Server Error in Ambari UI, without any error in Ambari-server logs
>
> Also the UI gets stalled and not even able to login as admin user unless the browser cache is removed or Ambari UI is opened in a new browser page
>
> Ambari doesn't allow creating users with same user name but different types(Local/pam), We reach the pam authentication only when the local user authentication failed due to non-existing userid or incorrect password, So if local user exists do not attempt to authenticate via PAM, This lets Ambari to avoid importing duplicate userid into the database
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java b3fb861
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java b7272c5
>
>
> Diff: https://reviews.apache.org/r/58968/diff/2/
>
>
> Testing
> -------
>
> Updated the related test cases
>
>
> Thanks,
>
> Anita Jebaraj
>
>
Re: Review Request 58968: Server Error in Ambari UI,
when trying to login as a pam user due to user name conflict
Posted by Anita Jebaraj <aj...@us.ibm.com>.
> On May 3, 2017, 5:08 p.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
> > Lines 79 (patched)
> > <https://reviews.apache.org/r/58968/diff/1/?file=1707168#file1707168line79>
> >
> > There are other User types - LDAP and JWT. You should check to see if any user exists with the username. If the existing user is not a PAM user the failure should occur.
> >
> > For example:
> > ```
> > UserEntitiy foundUser = userDAO.findUserByName(username)'
> > if((foundUser != null) && (foundUser.getUserType != UserType.PAM)) {
> > ... Fail ...
> > }
> > ```
>
> Tim Thorpe wrote:
> Hi Robert, I'm not sure I'm following your logic here. My interpretation is that the PAM users will not be found using the UserDAO.findLocalUserByName(String userName) method. So basically the getUserType() != UserType.PAM is unnecessary. Although it wouldn't hurt.
Hi Tim, Robert means that I should look for all user types like (Local/ldap/jwt), I am aware ldap cannot be enabled when pam is enabled, but jwt users can exist when pam is enabled. That should be the reason why he wants me to look for all the users.
- Anita
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58968/#review173752
-----------------------------------------------------------
On May 3, 2017, 4:48 p.m., Anita Jebaraj wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58968/
> -----------------------------------------------------------
>
> (Updated May 3, 2017, 4:48 p.m.)
>
>
> Review request for Ambari, Attila Doroszlai, Di Li, Robert Levas, and Tim Thorpe.
>
>
> Bugs: AMBARI-20909
> https://issues.apache.org/jira/browse/AMBARI-20909
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Create a local user "test" in Ambari
>
> Create a system user "test" with different password
>
> Trying to authenticate via pam in Ambari UI as user "test" throws Server Error in Ambari UI, without any error in Ambari-server logs
>
> Also the UI gets stalled and not even able to login as admin user unless the browser cache is removed or Ambari UI is opened in a new browser page
>
> Ambari doesn't allow creating users with same user name but different types(Local/pam), We reach the pam authentication only when the local user authentication failed due to non-existing userid or incorrect password, So if local user exists do not attempt to authenticate via PAM, This lets Ambari to avoid importing duplicate userid into the database
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java b3fb861
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java b7272c5
>
>
> Diff: https://reviews.apache.org/r/58968/diff/1/
>
>
> Testing
> -------
>
> Updated the related test cases
>
>
> Thanks,
>
> Anita Jebaraj
>
>
Re: Review Request 58968: Server Error in Ambari UI,
when trying to login as a pam user due to user name conflict
Posted by Tim Thorpe <tt...@ca.ibm.com>.
> On May 3, 2017, 5:08 p.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
> > Lines 79 (patched)
> > <https://reviews.apache.org/r/58968/diff/1/?file=1707168#file1707168line79>
> >
> > There are other User types - LDAP and JWT. You should check to see if any user exists with the username. If the existing user is not a PAM user the failure should occur.
> >
> > For example:
> > ```
> > UserEntitiy foundUser = userDAO.findUserByName(username)'
> > if((foundUser != null) && (foundUser.getUserType != UserType.PAM)) {
> > ... Fail ...
> > }
> > ```
>
> Tim Thorpe wrote:
> Hi Robert, I'm not sure I'm following your logic here. My interpretation is that the PAM users will not be found using the UserDAO.findLocalUserByName(String userName) method. So basically the getUserType() != UserType.PAM is unnecessary. Although it wouldn't hurt.
>
> Anita Jebaraj wrote:
> Hi Tim, Robert means that I should look for all user types like (Local/ldap/jwt), I am aware ldap cannot be enabled when pam is enabled, but jwt users can exist when pam is enabled. That should be the reason why he wants me to look for all the users.
Sorry missed the part where you changed findLocalUserByName to findUserByName. That makes sense now.
- Tim
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58968/#review173752
-----------------------------------------------------------
On May 3, 2017, 4:48 p.m., Anita Jebaraj wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58968/
> -----------------------------------------------------------
>
> (Updated May 3, 2017, 4:48 p.m.)
>
>
> Review request for Ambari, Attila Doroszlai, Di Li, Robert Levas, and Tim Thorpe.
>
>
> Bugs: AMBARI-20909
> https://issues.apache.org/jira/browse/AMBARI-20909
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Create a local user "test" in Ambari
>
> Create a system user "test" with different password
>
> Trying to authenticate via pam in Ambari UI as user "test" throws Server Error in Ambari UI, without any error in Ambari-server logs
>
> Also the UI gets stalled and not even able to login as admin user unless the browser cache is removed or Ambari UI is opened in a new browser page
>
> Ambari doesn't allow creating users with same user name but different types(Local/pam), We reach the pam authentication only when the local user authentication failed due to non-existing userid or incorrect password, So if local user exists do not attempt to authenticate via PAM, This lets Ambari to avoid importing duplicate userid into the database
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java b3fb861
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java b7272c5
>
>
> Diff: https://reviews.apache.org/r/58968/diff/1/
>
>
> Testing
> -------
>
> Updated the related test cases
>
>
> Thanks,
>
> Anita Jebaraj
>
>
Re: Review Request 58968: Server Error in Ambari UI,
when trying to login as a pam user due to user name conflict
Posted by Tim Thorpe <tt...@ca.ibm.com>.
> On May 3, 2017, 5:08 p.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
> > Lines 79 (patched)
> > <https://reviews.apache.org/r/58968/diff/1/?file=1707168#file1707168line79>
> >
> > There are other User types - LDAP and JWT. You should check to see if any user exists with the username. If the existing user is not a PAM user the failure should occur.
> >
> > For example:
> > ```
> > UserEntitiy foundUser = userDAO.findUserByName(username)'
> > if((foundUser != null) && (foundUser.getUserType != UserType.PAM)) {
> > ... Fail ...
> > }
> > ```
Hi Robert, I'm not sure I'm following your logic here. My interpretation is that the PAM users will not be found using the UserDAO.findLocalUserByName(String userName) method. So basically the getUserType() != UserType.PAM is unnecessary. Although it wouldn't hurt.
- Tim
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58968/#review173752
-----------------------------------------------------------
On May 3, 2017, 4:48 p.m., Anita Jebaraj wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58968/
> -----------------------------------------------------------
>
> (Updated May 3, 2017, 4:48 p.m.)
>
>
> Review request for Ambari, Attila Doroszlai, Di Li, Robert Levas, and Tim Thorpe.
>
>
> Bugs: AMBARI-20909
> https://issues.apache.org/jira/browse/AMBARI-20909
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Create a local user "test" in Ambari
>
> Create a system user "test" with different password
>
> Trying to authenticate via pam in Ambari UI as user "test" throws Server Error in Ambari UI, without any error in Ambari-server logs
>
> Also the UI gets stalled and not even able to login as admin user unless the browser cache is removed or Ambari UI is opened in a new browser page
>
> Ambari doesn't allow creating users with same user name but different types(Local/pam), We reach the pam authentication only when the local user authentication failed due to non-existing userid or incorrect password, So if local user exists do not attempt to authenticate via PAM, This lets Ambari to avoid importing duplicate userid into the database
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java b3fb861
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java b7272c5
>
>
> Diff: https://reviews.apache.org/r/58968/diff/1/
>
>
> Testing
> -------
>
> Updated the related test cases
>
>
> Thanks,
>
> Anita Jebaraj
>
>
Re: Review Request 58968: Server Error in Ambari UI,
when trying to login as a pam user due to user name conflict
Posted by Robert Levas <rl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58968/#review173752
-----------------------------------------------------------
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
Lines 79 (patched)
<https://reviews.apache.org/r/58968/#comment246791>
There are other User types - LDAP and JWT. You should check to see if any user exists with the username. If the existing user is not a PAM user the failure should occur.
For example:
```
UserEntitiy foundUser = userDAO.findUserByName(username)'
if((foundUser != null) && (foundUser.getUserType != UserType.PAM)) {
... Fail ...
}
```
- Robert Levas
On May 3, 2017, 12:48 p.m., Anita Jebaraj wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58968/
> -----------------------------------------------------------
>
> (Updated May 3, 2017, 12:48 p.m.)
>
>
> Review request for Ambari, Attila Doroszlai, Di Li, Robert Levas, and Tim Thorpe.
>
>
> Bugs: AMBARI-20909
> https://issues.apache.org/jira/browse/AMBARI-20909
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Create a local user "test" in Ambari
>
> Create a system user "test" with different password
>
> Trying to authenticate via pam in Ambari UI as user "test" throws Server Error in Ambari UI, without any error in Ambari-server logs
>
> Also the UI gets stalled and not even able to login as admin user unless the browser cache is removed or Ambari UI is opened in a new browser page
>
> Ambari doesn't allow creating users with same user name but different types(Local/pam), We reach the pam authentication only when the local user authentication failed due to non-existing userid or incorrect password, So if local user exists do not attempt to authenticate via PAM, This lets Ambari to avoid importing duplicate userid into the database
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java b3fb861
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java b7272c5
>
>
> Diff: https://reviews.apache.org/r/58968/diff/1/
>
>
> Testing
> -------
>
> Updated the related test cases
>
>
> Thanks,
>
> Anita Jebaraj
>
>