[
https://issues.apache.org/jira/browse/RANGER-842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15371301#comment-15371301
]
Yujie Li commented on RANGER-842:
---------------------------------
Hello,
I am testing the new patches that [~sneethiraj] provided. Couple of questions
here.
1.
I set ranger.authentication.method to PAM and created ranger-admin and
ranger-remote files under /etc/pam.d. When I am debugging, the PAM module is
used but every time PAM authentication would fail and try JDBCAuthentication
instead. This is weird. Am I doing anything wrong? How should I configure the
pam files?
2.
I am also testing the fall back functionality. Right now the ranger is running
on a machine without PAM-devel library but of course with PAM. The build won't
fail any more. But I am just curious about the fall back functionality. Is this
for machines that don't have PAM at all (Both PAM and pam-devel library)?
Thanks!
> Allow PAM for authentication
> ----------------------------
>
> Key: RANGER-842
> URL: https://issues.apache.org/jira/browse/RANGER-842
> Project: Ranger
> Issue Type: Improvement
> Components: admin
> Affects Versions: 0.5.1, 0.6.0
> Reporter: Bolke de Bruin
> Assignee: Selvamohan Neethiraj
> Labels: authentication, security
> Fix For: 0.6.0
>
> Attachments:
> 0001-RANGER-842-This-patch-adds-PAM-auth-support-to-range.patch,
> 0002-RANGER-842-modified-to-create-a-separate-module-for-.patch,
> 0003-RANGER-842-Fixed-Apache-License-Header-and-Added-add.patch
>
>
> Ranger currently uses shadow based authentication if configured for unix
> authentication. This way of authenticating is somewhat outdated as any recent
> Linux system (and many of the BSDs) have PAM available. PAM allows multiple
> authentication sources and also does authorization.
> Ranger should be able to use PAM for authentication
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
