[
https://issues.apache.org/jira/browse/RANGER-842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15423545#comment-15423545
]
Yan commented on RANGER-842:
----------------------------
When PAM is used, it seems to be that the Ranger has to be run as the root.
Otherwise the authentication would fail. More investigation suggests that the
permission of the /etc/shadow is the issue. If its permission was changed to
"all readable", although obviously an unwise value, the PAM would work well.
Is this an expected behavior? Thanks!
> Allow PAM for authentication
> ----------------------------
>
> Key: RANGER-842
> URL: https://issues.apache.org/jira/browse/RANGER-842
> Project: Ranger
> Issue Type: Improvement
> Components: admin
> Affects Versions: 0.5.1, 0.6.0
> Reporter: Bolke de Bruin
> Assignee: Selvamohan Neethiraj
> Labels: authentication, security
> Fix For: 0.6.0
>
> Attachments:
> 0001-RANGER-842-This-patch-adds-PAM-auth-support-to-range.patch,
> 0002-RANGER-842-modified-to-create-a-separate-module-for-.patch,
> 0003-RANGER-842-Fixed-Apache-License-Header-and-Added-add.patch
>
>
> Ranger currently uses shadow based authentication if configured for unix
> authentication. This way of authenticating is somewhat outdated as any recent
> Linux system (and many of the BSDs) have PAM available. PAM allows multiple
> authentication sources and also does authorization.
> Ranger should be able to use PAM for authentication
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
