ranger-dev mailing list archives

From "Bolke de Bruin (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (RANGER-842) Use PAM for authentication
Date Wed, 10 Feb 2016 13:40:18 GMT

     [ https://issues.apache.org/jira/browse/RANGER-842?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bolke de Bruin updated RANGER-842:
----------------------------------
    Attachment: 0001-Implements-ranger-admin-authentication-remote-and-na.patch

This patch adds support for authentication against PAM.

* /etc/pam.d/ranger-remote is used for remote authentication
* /etc/pam.d/ranger-admin is used for native authentication

# unixauthnative now uses PAM as a standard as it doesn't seem to make sense to keep /etc/shadow
based authentication in modern times.
# a new option "PAM" is available next to LDAP, AD, UNIX
# the patch now also adds the benefit of compiling and working on OSX

Please note that this patch adds a dependency on libpam4j which is MIT licensed. It is only
required for JAAS PAM.

Additional tests have not been supplied. Any test would require valid credentials on the test
system. If these can be supplied I will add some tests.


> Use PAM for authentication
> --------------------------
>
>                 Key: RANGER-842
>                 URL: https://issues.apache.org/jira/browse/RANGER-842
>             Project: Ranger
>          Issue Type: Improvement
>          Components: admin
>    Affects Versions: 0.5.1, 0.6.0
>            Reporter: Bolke de Bruin
>              Labels: authentication, security
>             Fix For: 0.5.1, 0.6.0
>
>         Attachments: 0001-Implements-ranger-admin-authentication-remote-and-na.patch
>
>
> Ranger currently uses shadow-based authentication if configured for unix authentication.
> This way of authenticating is somewhat outdated as any recent Linux system (and many of the
> BSDs) has PAM available. PAM allows multiple authentication sources and also does authorization.
> Ranger should be able to use PAM for authentication.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
