Skip to content
Browse files
[FIXED JENKINS-9094] "Remember me" doesn't work with PAM
  • Loading branch information
kohsuke committed Apr 7, 2011
1 parent c7febe6 commit 531b86f97b30beb211ad17153e315c016b80e3c9
Showing with 64 additions and 9 deletions.
  1. +13 −0 changelog.html
  2. +1 −1 core/pom.xml
  3. +18 −8 core/src/main/java/hudson/security/
  4. +32 −0 test/src/test/java/hudson/security/
@@ -64,6 +64,19 @@
<li class=bug>
When both "block build when upstream/downstream is building" are checked, the upstream block check wasn't taking effect.
(<a href="">issue 8968</a>)
<li class=bug>
A project aggregating tests without any tests itself should now link properly
to latest aggregated results, rather than broken link to non-existent test
<li class=bug>
Initial position of the "build time" timeline was off by one day
(<a href="">issue 8865</a>)
<li class=bug>
Build list tables had "Date" as column label, but actual content of the column was "Time Since".
(<a href="">issue 9102</a>)
<li class=bug>
PAM authentication fails to restore group membership information on "remember me" tokens.
(<a href="">issue 9094</a>)
<li class=rfe>
Added the <tt>--mimeTypes</tt> command line option to define additional MIME type mappings.
<li class=rfe>
@@ -763,7 +763,7 @@ THE SOFTWARE.
@@ -88,11 +88,7 @@ public Authentication authenticate(Authentication authentication) throws Authent

try {
UnixUser u = new PAM(serviceName).authenticate(username, password);
Set<String> grps = u.getGroups();
GrantedAuthority[] groups = new GrantedAuthority[grps.size()];
int i=0;
for (String g : grps)
groups[i++] = new GrantedAuthorityImpl(g);
GrantedAuthority[] groups = toAuthorities(u);

// I never understood why Acegi insists on keeping the password...
return new UsernamePasswordAuthenticationToken(username, password, groups);
@@ -119,14 +115,28 @@ public SecurityComponents createSecurityComponents() {
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
throw new UsernameNotFoundException("No such Unix user: "+username);
// return some dummy instance
return new User(username,"",true,true,true,true,
new GrantedAuthority[]{AUTHENTICATED_AUTHORITY});
try {
UnixUser uu = new UnixUser(username);
// return some dummy instance
return new User(username,"",true,true,true,true, toAuthorities(uu));
} catch (PAMException e) {
throw new UsernameNotFoundException("Failed to load information about Unix user "+username,e);

private static GrantedAuthority[] toAuthorities(UnixUser u) {
Set<String> grps = u.getGroups();
GrantedAuthority[] groups = new GrantedAuthority[grps.size()+1];
int i=0;
for (String g : grps)
groups[i++] = new GrantedAuthorityImpl(g);
return groups;

public GroupDetails loadGroupByGroupname(final String groupname) throws UsernameNotFoundException, DataAccessException {
@@ -0,0 +1,32 @@

import hudson.Functions;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.jvnet.hudson.test.HudsonTestCase;

import java.util.Arrays;

import static hudson.util.jna.GNUCLibrary.*;

* @author Kohsuke Kawaguchi
public class PAMSecurityRealmTest extends HudsonTestCase {
public void testLoadUsers() {
if (Functions.isWindows()) return; // skip on Windows

SecurityComponents sc = new PAMSecurityRealm("sshd").getSecurityComponents();

try {
fail("no such user");
} catch (UsernameNotFoundException e) {
// expected

String name = LIBC.getpwuid(LIBC.geteuid()).pw_name;


0 comments on commit 531b86f

Please sign in to comment.