[ https://issues.apache.org/jira/browse/RANGER-842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15140769#comment-15140769 ]

Bolke de Bruin edited comment on RANGER-842 at 2/10/16 1:41 PM:
----------------------------------------------------------------

This patch adds support for authentication against PAM.

* /etc/pam.d/ranger-remote is used for remote authentication
* /etc/pam.d/ranger-admin is used for native authentication

# unixauthnative now uses PAM as a standard as it doesn't seem to make sense to 
keep /etc/shadow based authentication in modern times (using /etc/pam.d/passwd 
as an example for /etc/pam.d/ranger-remote you have backwards compatibility)
# a new option "PAM" is available next to LDAP,AD,UNIX
# the patch now also adds the benefit of compiling and working on OSX

Please note that this patch adds a dependency on libpam4j which is MIT 
licensed. It is only required for JAAS PAM.

Additional tests have not been supplied. Any test would require valid 
credentials on the test system. If these can be supplied I will add some tests.



was (Author: bolke):
This patch adds support for authentication against PAM.

* /etc/pam.d/ranger-remote is used for remote authentication
* /etc/pam.d/ranger-admin is used for native authentication

# unixauthnative now uses PAM as a standard as it doesn't seem to make sense to 
keep /etc/shadow based authentication in modern times.
# a new option "PAM" is available next to LDAP,AD,UNIX
# the patch now also adds the benefit of compiling and working on OSX

Please note that this patch adds a dependency on libpam4j which is MIT 
licensed. It is only required for JAAS PAM.

Additional tests have not been supplied. Any test would require valid 
credentials on the test system. If these can be supplied I will add some tests.


> Use PAM for authentication
> --------------------------
>
>                 Key: RANGER-842
>                 URL: https://issues.apache.org/jira/browse/RANGER-842
>             Project: Ranger
>          Issue Type: Improvement
>          Components: admin
>    Affects Versions: 0.5.1, 0.6.0
>            Reporter: Bolke de Bruin
>              Labels: authentication, security
>             Fix For: 0.5.1, 0.6.0
>
>         Attachments: 
> 0001-Implements-ranger-admin-authentication-remote-and-na.patch
>
>
> Ranger currently uses shadow based authentication if configured for unix 
> authentication. This way of authenticating is somewhat outdated as any recent 
> Linux system (and many of the BSDs) have PAM available. PAM allows multiple 
> authentication sources and also does authorization.
> Ranger should be able to use PAM for authentication



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
