Github user paul-rogers commented on a diff in the pull request:
https://github.com/apache/drill/pull/962#discussion_r141198653
--- Diff:
exec/java-exec/src/main/java/org/apache/drill/exec/rpc/user/security/Pam4jUserAuthenticator.java
---
@@ -0,0 +1,81 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.drill.exec.rpc.user.security;
+
+import org.apache.drill.common.config.DrillConfig;
+import org.apache.drill.exec.ExecConstants;
+import org.apache.drill.exec.exception.DrillbitStartupException;
+import org.jvnet.libpam.PAM;
+import org.jvnet.libpam.PAMException;
+import org.jvnet.libpam.UnixUser;
+
+import java.io.IOException;
+import java.util.List;
+
+/**
+ * Implement {@link
org.apache.drill.exec.rpc.user.security.UserAuthenticator} based on Pluggable
Authentication
+ * Module (PAM) configuration. Configure the PAM profiles using
"drill.exec.security.user.auth.pam_profiles" BOOT
+ * option. Ex. value <i>[ "login", "sudo" ]</i> (value is an array of
strings).
+ */
+@UserAuthenticatorTemplate(type = "pam4j")
+public class Pam4jUserAuthenticator implements UserAuthenticator {
+ private static final org.slf4j.Logger logger =
org.slf4j.LoggerFactory.getLogger(Pam4jUserAuthenticator.class);
+
+ private List<String> profiles;
+
+ @Override
+ public void setup(DrillConfig drillConfig) throws
DrillbitStartupException {
+ profiles =
drillConfig.getStringList(ExecConstants.PAM_AUTHENTICATOR_PROFILES);
+ }
+
+ @Override
+ public void authenticate(String user, String password) throws
UserAuthenticationException {
+ for (String profile : profiles) {
+ PAM pam = null;
+ UnixUser unixUser;
+ try {
+ pam = new PAM(profile);
+ unixUser = pam.authenticate(user, password);
+ } catch (PAMException ex) {
+ logger.error("PAM auth failed for user: {} against {} profile.
Exception: {}", user, profile, ex.getMessage());
+ throw new UserAuthenticationException(String.format("PAM auth
failed for user: %s using profile: %s",
+ user, profile));
+ } finally {
+ if (pam != null) {
+ pam.dispose();
+ }
+ }
+
+ if (!user.equals(unixUser.getUserName())) {
--- End diff --
`equals` or `equalsIgnoreCase`? That is, should "Fred" match "fred"?
---
