| Summary: | [Gogo] Use KernelLoginModule for shell authentication | | |
|---|---|---|---|
| Product: | [RT] Virgo | Reporter: | Glyn Normington <glyn.normington> |
| Component: | runtime | Assignee: | Glyn Normington <glyn.normington> |
| Status: | CLOSED FIXED | QA Contact: | |
| Severity: | enhancement | | |
| Priority: | P3 | CC: | l.kirchev |
| Version: | unspecified | Flags: | glyn.normington: documentation+ |
| Target Milestone: | 3.5.0.M01 | | |
| Hardware: | PC | | |
| OS: | Mac OS X - Carbon (unsup.) | | |
| Whiteboard: | | | |
Description
Glyn Normington

Some guidance is here: http://www.eclipse.org/equinox/incubator/console/user-doc.php

Notes on user authentication in Virgo...

The start processing of dmk.sh sets the following system properties:

```
-Djava.security.auth.login.config=$CONFIG_DIR/org.eclipse.virgo.kernel.authentication.config
-Dorg.eclipse.virgo.kernel.authentication.file=$CONFIG_DIR/org.eclipse.virgo.kernel.users.properties
```

org.eclipse.virgo.kernel.authentication.config contains the following:

```
virgo-kernel {
    org.eclipse.virgo.kernel.authentication.KernelLoginModule REQUIRED;
};
...
```

"JAAS Login Configuration File" (http://download.oracle.com/javase/1.4.2/docs/guide/security/jaas/tutorials/LoginConfigFile.html) describes how an application can authenticate a user and password by constructing a LoginContext, passing the name of an entry in the JAAS login configuration file, such as "virgo-kernel", and a callback handler which is used to supply the user name and password to JAAS.

KernelLoginModule looks for the system property org.eclipse.virgo.kernel.authentication.file, typically set to point at the file org.eclipse.virgo.kernel.users.properties, and uses it to create a CredentialStore which it uses to authenticate users and passwords.

The shipped version of org.eclipse.virgo.kernel.users.properties contains:

```
##################
# User definitions
##################
user.admin=springsource
##################
# Role definitions
##################
role.admin=admin
```

Notes on shell authentication in Virgo...

org.eclipse.virgo.kernel.authentication.config contains the following:

```
...
equinox_console {
    org.eclipse.equinox.console.jaas.SecureStorageLoginModule REQUIRED;
};
```

dmk.sh sets the following system properties:

```
-Dorg.eclipse.equinox.console.jaas.file="$CONFIG_DIR/store"
-Dssh.server.keystore="$CONFIG_DIR/hostkey.ser"
```

(This is only part of the story - see comment 1.)
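An added example (not Virgo's or Equinox's own code) of the LoginContext-plus-callback-handler flow the description refers to, usable to check which login module a given JAAS entry ("virgo-kernel" or "equinox_console") actually resolves to. It assumes the JVM is started with the two -D properties listed above, that the jar containing KernelLoginModule is on the classpath, and that KernelLoginModule requests the standard NameCallback and PasswordCallback (an assumption about the module, not stated on this page).

```java
// Added example, not Virgo/Equinox code. Assumes the JVM was started with the two -D
// properties above (login config + users file) and that KernelLoginModule asks for the
// standard NameCallback/PasswordCallback (an assumption, not stated on the page).
import java.io.Console;
import java.util.Arrays;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public final class JaasEntryCheck {
  // Runs a login against the named JAAS entry ("virgo-kernel" or "equinox_console").
  public static boolean authenticate(String entry, String user, char[] password) {
    CallbackHandler handler = callbacks -> {
      for (Callback cb : callbacks) {
        if (cb instanceof NameCallback) {
          ((NameCallback) cb).setName(user);
        } else if (cb instanceof PasswordCallback) {
          ((PasswordCallback) cb).setPassword(password);
        } else {
          throw new UnsupportedCallbackException(cb, "callback not supported");
        }
      }
    };
    try {
      LoginContext ctx = new LoginContext(entry, handler);
      ctx.login();   // the REQUIRED module must succeed for this to return normally
      ctx.logout();
      return true;
    } catch (LoginException e) {
      // Misconfiguration (e.g. no such entry) lands here as well as bad credentials.
      System.err.println("entry " + entry + ", user " + user + ": " + e.getMessage());
      return false;
    } finally {
      Arrays.fill(password, '\0');   // scrub the secret once it has been used
    }
  }

  // Usage: java JaasEntryCheck <jaas-entry> <user>; the password is read without echo.
  public static void main(String[] args) {
    Console console = System.console();
    if (args.length != 2 || console == null) {
      System.err.println("usage: java JaasEntryCheck <jaas-entry> <user> (from a terminal)");
      System.exit(2);
    }
    char[] pw = console.readPassword("password for %s: ", args[1]);
    boolean ok = authenticate(args[0], args[1], pw);
    System.out.println(args[0] + " -> " + (ok ? "authenticated" : "rejected"));
    System.exit(ok ? 0 : 1);
  }
}
```

Running it once against "virgo-kernel" and once against "equinox_console" with the same credentials shows directly whether the shell's entry is still backed by SecureStorageLoginModule or has been switched to KernelLoginModule.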
The shell was initially designed to be able to work standalone, even if the Virgo LoginModule is not present. That is why it provides its own default LoginModule. However, it should be possible to customize it with another LoginModule. I should test if the customization works out of the box, as designed. If not, at least it should be possible with minor modifications to enable such customization.

(In reply to comment #4)
> The shell was initially designed to be able to work standalone, even if the Virgo LoginModule is not present. That is why it provides its own default LoginModule.
>
> However, it should be possible to customize it with another LoginModule. I should test if the customization works out of the box, as designed. If not, at least it should be possible with minor modifications to enable such customization.

Thanks Lazar.

I tried a quick experiment of declaring equinox_console to use the kernel login module, but that seemed not to make the slightest difference. Reading the doc in comment 1, it seems there are some other configuration tweaks to be made, so rather than rush it in, I thought raising this bug would be more helpful.

(In reply to comment #5)
> (In reply to comment #4)
> > The shell was initially designed to be able to work standalone, even if the Virgo LoginModule is not present. That is why it provides its own default LoginModule.
> >
> > However, it should be possible to customize it with another LoginModule. I should test if the customization works out of the box, as designed. If not, at least it should be possible with minor modifications to enable such customization.
>
> Thanks Lazar.
>
> I tried a quick experiment of declaring equinox_console to use the kernel login module, but that seemed not to make the slightest difference. Reading the doc in comment 1, it seems there are some other configuration tweaks to be made, so rather than rush it in, I thought raising this bug would be more helpful.

Thanks Glyn! I have to check this out - my first idea was that probably setting equinox_console to use the kernel login module will be enough, but obviously it is not. I will debug this to see what goes wrong.

To use the KernelLoginModule do the following:

- in config/org.eclipse.virgo.kernel.authentication.config declare equinox_console to use the kernel login module
- in lib/org.eclipse.virgo.kernel.launch.properties comment out the line osgi.console.ssh.useDefaultSecureStorage=true, or set it to false.

After doing this you should be able to log in to the ssh console with the virgo user and password.

(In reply to comment #7)
> To use the KernelLoginModule do the following:
>
> - in config/org.eclipse.virgo.kernel.authentication.config declare equinox_console to use the kernel login module
>
> - in lib/org.eclipse.virgo.kernel.launch.properties comment out the line osgi.console.ssh.useDefaultSecureStorage=true, or set it to false.
>
> After doing this you should be able to log in to the ssh console with the virgo user and password.

Great! Thanks Lazar.

I propose we make this change for Virgo 3.5 and fix up the documentation to match.

Can you see any downside?

Regards,
Glyn

(In reply to comment #8)
> (In reply to comment #7)
> > To use the KernelLoginModule do the following:
> >
> > - in config/org.eclipse.virgo.kernel.authentication.config declare equinox_console to use the kernel login module
> >
> > - in lib/org.eclipse.virgo.kernel.launch.properties comment out the line osgi.console.ssh.useDefaultSecureStorage=true, or set it to false.
> >
> > After doing this you should be able to log in to the ssh console with the virgo user and password.
>
> Great! Thanks Lazar.
>
> I propose we make this change for Virgo 3.5 and fix up the documentation to match.
>
> Can you see any downside?
>
> Regards,
> Glyn

I think it is OK to make it so. The intention of the login module of the shell was to use digested passwords. But since Virgo uses other credentials, the shell's login module becomes redundant.

Thanks Lazar! Fixed in kernel commit d5ca77c. Document changes in commit 542b738.