I have implemented PAM authentication based on shiro-libpam4j and it is integrated with Knox 0.6.0 to do OS authentication, as soon as I finish testing with LDAP using PAM I will post the design, document and a patch.
On Tue, Jul 14, 2015 at 12:25 PM, Kevin Minder <[email protected] > wrote: > Hi, > > We would be very interested in a PAM module for Knox. Did some quick > searching and found this: https://github.com/plaflamme/shiro-libpam4j > > We have done some experimentation with very simple demo setups with > credentials directly in topology files but decided against promoting it. > If this were something you were interested in I could re-figure this out. > > We've also been looking into buji-pac4j for several other authentication > models (e.g. OAuth, CAS, OpenID, SAML, etc). The limiting issue is that > they aren’t really targeting at active profile REST API use as far as we > have been able to determine. > > Kevin. > > > > On 7/14/15, 3:09 PM, "Tanping Wang" <[email protected]> wrote: > > >Hi, folks, > >Today Knox can not work without LDAP. For demo purpose that we would like > >to demonstrate that Knox can work with simple authentication, for example, > >base Unix OS authentication. I believe this is not possible today? > Please > >correct me if I am wrong. We are working on adding a PAM module to Knox's > >shiro framework, so that Knox can > >1) authenticate against base Unix OS -- for demo purpose only > >2) more importantly, nested OU would work for LDAP. > > > >Regards, > >Tanping >
