You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Ramesh Mani (JIRA)" <ji...@apache.org> on 2016/02/11 19:08:18 UTC

[jira] [Comment Edited] (RANGER-842) Allow PAM for authentication

    [ https://issues.apache.org/jira/browse/RANGER-842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15143173#comment-15143173 ] 

Ramesh Mani edited comment on RANGER-842 at 2/11/16 6:07 PM:
-------------------------------------------------------------

[~bolke] what I meant was ranger admin uses properties in ranger-admin-default-site.xml and ranger-admin-site.xml -> ranger.authentication.method to define which kind of authentication is used. when PAM is in place we just change this property to "PAM" and this should take care of the authentication via "PAM", I wanted some writeup on how to test this mechanism if I need to do.
Also regarding kerberos, I see that PAM can be configured with Kerberos and if its done like that we don't need any addition parameters in ranger-admin to handle this?


was (Author: rmani):
[~bolke] what I meant was ranger admin users properties in ranger-admin-default-site.xml and ranger-admin-site.xml -> ranger.authentication.method to define which kind of authentication is used. when PAM is in place we just change this property to "PAM" and this should take care of the authentication via "PAM", I wanted some writeup on how to test this mechanism if I need to do.
Also regarding kerberos, I see that PAM can be configured with Kerberos and if its done like that we don't need any addition parameters in ranger-admin to handle this?

> Allow PAM for authentication
> ----------------------------
>
>                 Key: RANGER-842
>                 URL: https://issues.apache.org/jira/browse/RANGER-842
>             Project: Ranger
>          Issue Type: Improvement
>          Components: admin
>    Affects Versions: 0.5.1, 0.6.0
>            Reporter: Bolke de Bruin
>              Labels: authentication, security
>             Fix For: 0.5.1, 0.6.0
>
>         Attachments: 0001-Implements-ranger-admin-authentication-remote-and-na.patch
>
>
> Ranger currently uses shadow based authentication if configured for unix authentication. This way of authenticating is somewhat outdated as any recent Linux system (and many of the BSDs) have PAM available. PAM allows multiple authentication sources and also does authorization.
> Ranger should be able to use PAM for authentication



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)