You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zeppelin.apache.org by prabhjyotsingh <gi...@git.apache.org> on 2018/06/05 06:34:04 UTC

[GitHub] zeppelin pull request #3003: [ZEPPELIN-3526] Zeppelin auth mechanisms (LDAP ...

GitHub user prabhjyotsingh opened a pull request:

    https://github.com/apache/zeppelin/pull/3003

    [ZEPPELIN-3526] Zeppelin auth mechanisms (LDAP or password based) should be mutually exclusive

    ### What is this PR for?
    Problem:
    When any external authentication (like LDAP/AD) is enabled for Zeppelin, the default password-based authentication could still be configured in addition to that. This makes space for backdoor in Zeppelin where the user can still get in using the local username/password.
    
    Proposed Solution:
    Zeppelin shouldn't allow specifying [users] section in shiro.ini when it is configured to authenticate with LDAP/AD.
    
    
    ### What type of PR is it?
    [Bug Fix | Feature ]
    
    ### Todos
    * [ ] - Add documentation 
    
    ### What is the Jira issue?
    * [ZEPPELIN-3526](https://issues.apache.org/jira/browse/ZEPPELIN-3526)
    
    ### How should this be tested?
    If both [users] and [main] for example activeDirectoryRealm section enabled in shiro, Zeppelin server should not start.


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/prabhjyotsingh/zeppelin ZEPPELIN-3526

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/zeppelin/pull/3003.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #3003
    
----
commit 529ab3e0e4297f413a0095e4dd19e7e11ce32493
Author: Prabhjyot Singh <pr...@...>
Date:   2018-06-05T06:31:25Z

    ZEPPELIN-3526: Zeppelin auth mechanisms (LDAP or password based) should be mutually exclusive
    
    Change-Id: I9e0602c41462997c14a2dbb7378489ffab3ca0b4

----


---

[GitHub] zeppelin issue #3003: [ZEPPELIN-3526] Zeppelin auth mechanisms (LDAP or pass...

Posted by prabhjyotsingh <gi...@git.apache.org>.

Github user prabhjyotsingh commented on the issue:

    https://github.com/apache/zeppelin/pull/3003
  
    @Leemoonsoo @felixcheung @zjffdu  can you help review this.


---

[GitHub] zeppelin issue #3003: [ZEPPELIN-3526] Zeppelin auth mechanisms (LDAP or pass...

Posted by zjffdu <gi...@git.apache.org>.

Github user zjffdu commented on the issue:

    https://github.com/apache/zeppelin/pull/3003
  
    LGTM, one suggestion is that I think it is time for us to do refactoring for the authentication component, we should put it in one component and provide interface to be used by other components. Instead of putting logic in zeppelin server like this PR. 


---

[GitHub] zeppelin issue #3003: [ZEPPELIN-3526] Zeppelin auth mechanisms (LDAP or pass...

Posted by prabhjyotsingh <gi...@git.apache.org>.

Github user prabhjyotsingh commented on the issue:

    https://github.com/apache/zeppelin/pull/3003
  
    @mebelousov sure I've added a doc.


---

[GitHub] zeppelin issue #3003: [ZEPPELIN-3526] Zeppelin auth mechanisms (LDAP or pass...

Posted by prabhjyotsingh <gi...@git.apache.org>.

Github user prabhjyotsingh commented on the issue:

    https://github.com/apache/zeppelin/pull/3003
  
    Thanks for the review will merge this if no more discussion.


---

[GitHub] zeppelin issue #3003: [ZEPPELIN-3526] Zeppelin auth mechanisms (LDAP or pass...

Posted by mebelousov <gi...@git.apache.org>.

Github user mebelousov commented on the issue:

    https://github.com/apache/zeppelin/pull/3003
  
    @prabhjyotsingh I think it's good to document only one way for authentification. What do you think about it?


---

[GitHub] zeppelin issue #3003: [ZEPPELIN-3526] Zeppelin auth mechanisms (LDAP or pass...

Posted by prabhjyotsingh <gi...@git.apache.org>.

Github user prabhjyotsingh commented on the issue:

    https://github.com/apache/zeppelin/pull/3003
  
    Agreed we should definitely do something like zeppelin-plugins for authentication components as well in Zeppelin-0.9


---

[GitHub] zeppelin pull request #3003: [ZEPPELIN-3526] Zeppelin auth mechanisms (LDAP ...

Posted by asfgit <gi...@git.apache.org>.

Github user asfgit closed the pull request at:

    https://github.com/apache/zeppelin/pull/3003


---