You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@zeppelin.apache.org by igyu <ig...@21cn.com> on 2021/05/24 07:25:24 UTC

How can I use PAM authentication

I copy shiro.ini.template to shiro.ini
modify shiro.ini
 
#[users]
#admin = password1, admin
#user1 = password2, role1, role2
#user2 = password3, role3
#user3 = password4, role2
 ………………………………………………………………
 #A sample PAM configuration
pamRealm=org.apache.zeppelin.realm.PamRealm
pamRealm.service=zeppelin

in /etc/pam.d/zeppelin
#%PAM-1.0
#This file is auto-generated.
#User changes will be destroyed the next time authconfig is run.
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
#auth required pam_deny.so
#
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
account required pam_permit.so
 
but only "jzyc" user can login, other users get error "The username and password that you entered don't match."
I ensure username and passowd is correct.
 
if I use "pamRealm.service=sshd"
also only "jzyc" use can login,
I ensure "read_hive" user can ssh, but "read_hive" can't login zeppelin




igyu

Re: How can I use PAM authentication

Posted by Sam Nicholson <sa...@ogt11.com>.

What are user jzyc's uid and gid on the system?

I'm no Linux PAM guru, but :
"auth requisite pam_succeed_if.so uid >= 1000"
and
"account sufficient pam_succeed_if.so uid < 1000 quiet"

seem to be in contradiction with each other, and being in
/etc/pam.d/zeppelin, it wouldn't affect ssh.

Cheers!
-sam

On Mon, May 24, 2021, 03:25 igyu <ig...@21cn.com> wrote:

> I copy shiro.ini.template to shiro.ini
>
> modify shiro.ini
>
>
>
> #[users]
>
> #admin = password1, admin
>
> #user1 = password2, role1, role2
>
> #user2 = password3, role3
>
> #user3 = password4, role2
>
>  ………………………………………………………………
>
>  #A sample PAM configuration
> pamRealm=org.apache.zeppelin.realm.PamRealm
> pamRealm.service=zeppelin
>
>
> in /etc/pam.d/zeppelin
>
> #%PAM-1.0
>
> #This file is auto-generated.
>
> #User changes will be destroyed the next time authconfig is run.
> auth sufficient pam_unix.so nullok try_first_pass
> auth requisite pam_succeed_if.so uid >= 1000 quiet_success
> #auth required pam_deny.so
> #
> account required pam_unix.so
> account sufficient pam_localuser.so
> account sufficient pam_succeed_if.so uid < 1000 quiet
> account required pam_permit.so
>
>
>
> but only "jzyc" user can login, other users get error "The username and
> password that you entered don't match."
>
> I ensure username and passowd is correct.
>
>
>
> if I use "pamRealm.service=sshd"
>
> also only "jzyc" use can login,
>
> I ensure "read_hive" user can ssh, but "read_hive" can't login zeppelin
>
>
>
> ------------------------------
> igyu
>