[
https://issues.apache.org/jira/browse/AMBARI-17708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15380193#comment-15380193
]
Vishal Ghugare commented on AMBARI-17708:
-----------------------------------------
Hello Henning,
There is already a JIRA open for this work, please take a look at :
https://issues.apache.org/jira/browse/AMBARI-12263.
We have completed most of the work and would be uploading patch shortly. Please
feel free to let me know if you have any questions.
Thanks,
-Vishal
> Support PAM Authentication
> --------------------------
>
> Key: AMBARI-17708
> URL: https://issues.apache.org/jira/browse/AMBARI-17708
> Project: Ambari
> Issue Type: New Feature
> Components: ambari-server
> Affects Versions: trunk
> Reporter: Henning Kropp
> Assignee: Henning Kropp
> Labels: security
>
> LDAP is complicated and needs careful configuration especially if
> synchronizing with a local users repository. It can even get more complex,
> when trying to support users from multiple domains, which is not supported by
> Ambari right now.
> Tools like SSSD, Winbind, Quest, Centrify, ... do a good job of integrating
> complex LDAP/AD environments to Unix/Linux based systems using PAM.
> Using PAM in Ambari could potentials simplify user authentication a lot.
> As users synchronization would not be required anymore, users would need to
> be created at first log in. This can be borrowed from the newly implemented
> JWT authentication.
> Other projects using PAM authentication:
> (In Hadoop Knox) https://issues.apache.org/jira/browse/KNOX-537
> (With Spring Auth)
> https://github.com/ImmobilienScout24/yum-repo-server/blob/master/src/main/java/de/is24/infrastructure/gridfs/http/security/PamAuthenticationProvider.java
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
