[
https://issues.apache.org/jira/browse/RANGER-842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15347716#comment-15347716
]
Selvamohan Neethiraj commented on RANGER-842:
---------------------------------------------
[~yujie.li] - Only after we commit this feature into Ranger, Ambari will be
able to support this feature.
[~bolke]/[~scottgray1] - I have rebased the attached patch; Also modified the
design to support the 'traditional' UNIX authentication using the credValidator
(old exe file) and added your changes to a new module, unixauthpam.
Based on this new approach, the ranger administrator should set
'ranger.authentication.method' to 'PAM' in ranger-admin-site.xml and
'ranger.usersync.passwordvalidator.path' to
'./native/pamCredValidator.uexe'
Please apply '0001-RANGER-842-This-patch-adds-PAM-auth-support-to-range.patch'
first
and then, apply
'0002-RANGER-842-modified-to-create-a-separate-module-for-.patch'
to test these patches.
Please review and provide your feedback.
> Allow PAM for authentication
> ----------------------------
>
> Key: RANGER-842
> URL: https://issues.apache.org/jira/browse/RANGER-842
> Project: Ranger
> Issue Type: Improvement
> Components: admin
> Affects Versions: 0.5.1, 0.6.0
> Reporter: Bolke de Bruin
> Assignee: Selvamohan Neethiraj
> Labels: authentication, security
> Fix For: 0.6.0
>
> Attachments: 0002-RANGER-842-pam-authentication.patch
>
>
> Ranger currently uses shadow based authentication if configured for unix
> authentication. This way of authenticating is somewhat outdated as any recent
> Linux system (and many of the BSDs) have PAM available. PAM allows multiple
> authentication sources and also does authorization.
> Ranger should be able to use PAM for authentication
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
