com.ibm.security.auth.module
Class LinuxLoginModule

java.lang.Object
  extended by com.ibm.security.auth.module.LinuxLoginModule
All Implemented Interfaces:
LoginModule

public class LinuxLoginModule
extends java.lang.Object
implements LoginModule

This LoginModule imports a user's Linux Principal information (LinuxPrincipal, LinuxNumericUserPrincipal, and LinuxNumericGroupPrincipal) and associates them with the current Subject.

This LoginModule recognizes the debug option. If set to true in the login Configuration, debug messages will be output to the output stream, System.out.

This class will be replaced by LinuxLoginModule2000 in future releases of JAAS.

Author:
D. Kent Soper

Constructor Summary
LinuxLoginModule()
           
 
Method Summary
 boolean abort()
          Abort the authentication (second phase).
 boolean commit()
          Commit the authentication (second phase).
 void initialize(Subject subject, CallbackHandler callbackHandler, java.util.Map<java.lang.String,?> sharedState, java.util.Map<java.lang.String,?> options)
          Initialize this LoginModule.
 boolean login()
          Authenticate the user (first phase).
 boolean logout()
          Logout the user.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

LinuxLoginModule

public LinuxLoginModule()
Method Detail

initialize

public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       java.util.Map<java.lang.String,?> sharedState,
                       java.util.Map<java.lang.String,?> options)
Initialize this LoginModule.

Specified by:
initialize in interface LoginModule
Parameters:
subject - the Subject to be authenticated.

callbackHandler - a CallbackHandler for communicating with the end user (prompting for usernames and passwords, for example).

sharedState - shared LoginModule state.

options - options specified in the login Configuration for this particular LoginModule.

login

public boolean login()
              throws LoginException
Authenticate the user (first phase).

The implementation of this method attempts to retrieve the user's Linux Subject information by making a native Linux system call.

Specified by:
login in interface LoginModule
Returns:
true in all cases (this LoginModule should not be ignored).
Throws:
FailedLoginException - if attempts to retrieve the underlying system information fail.
LoginException - if the authentication fails

commit

public boolean commit()
               throws LoginException
Commit the authentication (second phase).

This method is called if the LoginContext's overall authentication succeeded (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules succeeded).

If this LoginModule's own authentication attempt succeeded (the importing of the Linux authentication information succeeded), then this method associates the Linux Principals with the Subject currently tied to the LoginModule. If this LoginModule's authentication attempted failed, then this method removes any state that was originally saved.

Specified by:
commit in interface LoginModule
Returns:
true if this LoginModule's own login and commit attempts succeeded, or false otherwise.
Throws:
LoginException - if the commit fails.

abort

public boolean abort()
              throws LoginException
Abort the authentication (second phase).

This method is called if the LoginContext's overall authentication failed. (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules did not succeed).

This method cleans up any state that was originally saved as part of the authentication attempt from the login and commit methods.

Specified by:
abort in interface LoginModule
Returns:
false if this LoginModule's own login and/or commit attempts failed, and true otherwise.
Throws:
LoginException - if the abort fails.

logout

public boolean logout()
               throws LoginException
Logout the user.

This method removes the Principals associated with the Subject.

Specified by:
logout in interface LoginModule
Returns:
true in all cases (this LoginModule should not be ignored).
Throws:
LoginException - if the logout fails.