ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bolke de Bruin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-827) Use system supplied mechanism to get users and groups on unix
Date Wed, 03 Feb 2016 14:43:39 GMT

    [ https://issues.apache.org/jira/browse/RANGER-827?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15130497#comment-15130497
] 

Bolke de Bruin commented on RANGER-827:
---------------------------------------

Plan for ranger authentication by using PAM. Extending remote authentication to
PAM. 

This creates full end to end security across OS and Hadoop. It also puts back managing access
to ranger in the hands of an administrator by means of Pam
Configs. 

> Use system supplied mechanism to get users and groups on unix
> -------------------------------------------------------------
>
>                 Key: RANGER-827
>                 URL: https://issues.apache.org/jira/browse/RANGER-827
>             Project: Ranger
>          Issue Type: Improvement
>          Components: usersync
>    Affects Versions: 0.5.1
>            Reporter: Bolke de Bruin
>              Labels: integration, pam, sssd, sync
>             Fix For: 0.6.0
>
>         Attachments: 0001-RANGER-827-Improve-unix-usersync.patch, 0002-RANGER-827-Improve-unix-usersync.patch,
usersync.patch
>
>
> The unix user sync currently reads /etc/passwd /etc/groups . This is often not a reflection
of users and groups available on a system especially when nsswitch is configured (eg. sssd,
ldap etc).
> Secondly in some cases groups will contain user names that are not returned with "getent
passwd", especially "external users" and it is required to add these using the group information.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message