[ 
https://issues.apache.org/jira/browse/RANGER-842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15158159#comment-15158159
 ] 

Ramesh Mani commented on RANGER-842:
------------------------------------

[~bolke] You had mentioned this:
"Implementation was done for JAAS and Remote (C). For remote authentication it 
is now needed to have the pam headers and libraries installed (not available 
currently with rangerqa).
For remote authentication a /etc/pamd.d/ranger-remote config file is required. 
This is hardcoded in the C file. This file needs to exist otherwise 
authentication will fail. For local authentication the property 
"ranger.pam.service" can be configured. It defaults to "ranger-admin" and thus 
refers to /etc/pam.d/ranger-admin by default. This file needs to exist 
otherwise authentication will fail.
* To enable PAM authentication set ranger.authentication.method to PAM"

So when PAM has to be used, are you saying that the files 
/etc/pam.d/ranger-admin and /etc/pamd.d/ranger-remote are to be created 
manually?
How will this patch affect the case where PAM is not used, i.e. how is the 
normal authentication going to work? This will clarify my testing part.

> Allow PAM for authentication
> ----------------------------
>
>                 Key: RANGER-842
>                 URL: https://issues.apache.org/jira/browse/RANGER-842
>             Project: Ranger
>          Issue Type: Improvement
>          Components: admin
>    Affects Versions: 0.5.1, 0.6.0
>            Reporter: Bolke de Bruin
>              Labels: authentication, security
>             Fix For: 0.5.1, 0.6.0
>
>         Attachments: 0002-RANGER-842-pam-authentication.patch
>
>
> Ranger currently uses shadow based authentication if configured for unix 
> authentication. This way of authenticating is somewhat outdated as any recent 
> Linux system (and many of the BSDs) have PAM available. PAM allows multiple 
> authentication sources and also does authorization.
> Ranger should be able to use PAM for authentication



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
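
A preflight check for the local-authentication settings quoted in the comment above, added here as an example; it is not part of the original message or of the RANGER-842 patch. It assumes the properties sit in a flat key=value file given as the first argument (the page does not say where they are stored), and `get_prop` and `pam_preflight` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: verify that the PAM service file named by ranger.pam.service
# exists before PAM authentication is switched on.
# Assumption: properties are in a flat key=value file passed as $1.

# Print the value of property $2 from file $1 (last occurrence wins).
get_prop() {
    awk -v key="$2" '
        { k = $0; sub(/=.*/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", k) }
        k == key && index($0, "=") {
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v); found = v
        }
        END { print found }
    ' "$1"
}

# Return 0 if the configuration passes the check, 1 if it does not.
# $2 overrides the PAM directory so the check can run against a test tree.
pam_preflight() {
    props=$1
    pam_dir=${2:-/etc/pam.d}
    method=$(get_prop "$props" ranger.authentication.method)
    if [ "$method" != "PAM" ]; then
        echo "method is '${method:-unset}': PAM check skipped"
        return 0
    fi
    service=$(get_prop "$props" ranger.pam.service)
    service=${service:-ranger-admin}   # default stated in the quoted comment
    case $service in
        */*|.*) echo "refusing service name '$service' (must be a plain file name)"
                return 1 ;;
    esac
    if [ ! -f "$pam_dir/$service" ]; then
        echo "missing $pam_dir/$service: per the quoted comment, authentication will fail"
        return 1
    fi
    echo "ok: $pam_dir/$service exists"
}

# Constructed sample run: PAM enabled, service name left at its default.
demo=$(mktemp -d) && mkdir "$demo/pam.d"
printf 'ranger.authentication.method=PAM\n' > "$demo/sample.properties"
pam_preflight "$demo/sample.properties" "$demo/pam.d" || true   # reports the missing file
: > "$demo/pam.d/ranger-admin"
pam_preflight "$demo/sample.properties" "$demo/pam.d"           # passes once the file exists
rm -rf "$demo"
```

The name check rejects values such as `../shadow`, so a mistyped or hostile property cannot point the lookup outside the PAM directory.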