> On May 3, 2017, 5:08 p.m., Robert Levas wrote: > > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java > > Lines 79 (patched) > > <https://reviews.apache.org/r/58968/diff/1/?file=1707168#file1707168line79> > > > > There are other User types - LDAP and JWT. You should check to see if > > any user exists with the username. If the existing user is not a PAM user > > the failure should occur. > > > > For example: > > ``` > > UserEntitiy foundUser = userDAO.findUserByName(username)' > > if((foundUser != null) && (foundUser.getUserType != UserType.PAM)) { > > ... Fail ... > > } > > ``` > > Tim Thorpe wrote: > Hi Robert, I'm not sure I'm following your logic here. My interpretation > is that the PAM users will not be found using the > UserDAO.findLocalUserByName(String userName) method. So basically the > getUserType() != UserType.PAM is unnecessary. Although it wouldn't hurt.
Hi Tim, Robert means that I should look for all user types like (Local/ldap/jwt), I am aware ldap cannot be enabled when pam is enabled, but jwt users can exist when pam is enabled. That should be the reason why he wants me to look for all the users. - Anita ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/58968/#review173752 ----------------------------------------------------------- On May 3, 2017, 4:48 p.m., Anita Jebaraj wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/58968/ > ----------------------------------------------------------- > > (Updated May 3, 2017, 4:48 p.m.) > > > Review request for Ambari, Attila Doroszlai, Di Li, Robert Levas, and Tim > Thorpe. > > > Bugs: AMBARI-20909 > https://issues.apache.org/jira/browse/AMBARI-20909 > > > Repository: ambari > > > Description > ------- > > Create a local user "test" in Ambari > > Create a system user "test" with different password > > Trying to authenticate via pam in Ambari UI as user "test" throws Server > Error in Ambari UI, without any error in Ambari-server logs > > Also the UI gets stalled and not even able to login as admin user unless the > browser cache is removed or Ambari UI is opened in a new browser page > > Ambari doesn't allow creating users with same user name but different > types(Local/pam), We reach the pam authentication only when the local user > authentication failed due to non-existing userid or incorrect password, So if > local user exists do not attempt to authenticate via PAM, This lets Ambari to > avoid importing duplicate userid into the database > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java > b3fb861 > > ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java > b7272c5 > > > Diff: https://reviews.apache.org/r/58968/diff/1/ > > > Testing > ------- > > Updated the related test cases > > > Thanks, > > Anita Jebaraj > >
