ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bolke de Bruin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-842) Allow PAM for authentication
Date Wed, 17 Aug 2016 14:02:20 GMT

    [ https://issues.apache.org/jira/browse/RANGER-842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15424560#comment-15424560
] 

Bolke de Bruin commented on RANGER-842:
---------------------------------------

This is expected and is also true for the previous setup (using shadow directly). Making /etc/shadow
worl readable is a security issue. 

Btw the only thing that is required to run as root is the ranger-pam service. 



Van: Yan (JIRA)


> Allow PAM for authentication
> ----------------------------
>
>                 Key: RANGER-842
>                 URL: https://issues.apache.org/jira/browse/RANGER-842
>             Project: Ranger
>          Issue Type: Improvement
>          Components: admin
>    Affects Versions: 0.5.1, 0.6.0
>            Reporter: Bolke de Bruin
>            Assignee: Selvamohan Neethiraj
>              Labels: authentication, security
>             Fix For: 0.6.0
>
>         Attachments: 0001-RANGER-842-This-patch-adds-PAM-auth-support-to-range.patch,
0002-RANGER-842-modified-to-create-a-separate-module-for-.patch, 0003-RANGER-842-Fixed-Apache-License-Header-and-Added-add.patch
>
>
> Ranger currently uses shadow based authentication if configured for unix authentication.
This way of authenticating is somewhat outdated as any recent Linux system (and many of the
BSDs) have PAM available. PAM allows multiple authentication sources and also does authorization.
> Ranger should be able to use PAM for authentication



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message