Re: Review Request 58968: Server Error in Ambari UI, when trying to login as a pam user due to user name conflict

Wed, 03 May 2017 10:09:13 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58968/#review173752
-----------------------------------------------------------




ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
Lines 79 (patched)
<https://reviews.apache.org/r/58968/#comment246791>

    There are other User types - LDAP and JWT.  You should check to see if any 
user exists with the username. If the existing user is not a PAM user the 
failure should occur.  
    
    For example:
    ```
    UserEntitiy foundUser = userDAO.findUserByName(username)'
    if((foundUser != null) && (foundUser.getUserType != UserType.PAM)) {
    ... Fail ...
    }
    ```


- Robert Levas


On May 3, 2017, 12:48 p.m., Anita Jebaraj wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58968/
> -----------------------------------------------------------
> 
> (Updated May 3, 2017, 12:48 p.m.)
> 
> 
> Review request for Ambari, Attila Doroszlai, Di Li, Robert Levas, and Tim 
> Thorpe.
> 
> 
> Bugs: AMBARI-20909
>     https://issues.apache.org/jira/browse/AMBARI-20909
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Create a local user "test" in Ambari
> 
> Create a system user "test" with different password
> 
> Trying to authenticate via pam in Ambari UI as user "test" throws Server 
> Error in Ambari UI, without any error in Ambari-server logs
> 
> Also the UI gets stalled and not even able to login as admin user unless the 
> browser cache is removed or Ambari UI is opened in a new browser page
> 
> Ambari doesn't allow creating users with same user name but different 
> types(Local/pam), We reach the pam authentication only when the local user 
> authentication failed due to non-existing userid or incorrect password, So if 
> local user exists do not attempt to authenticate via PAM, This lets Ambari to 
> avoid importing duplicate userid into the database
> 
> 
> Diffs
> -----
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  b3fb861 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
>  b7272c5 
> 
> 
> Diff: https://reviews.apache.org/r/58968/diff/1/
> 
> 
> Testing
> -------
> 
> Updated the related test cases
> 
> 
> Thanks,
> 
> Anita Jebaraj
> 
>

Reply via email to