[
https://issues.apache.org/jira/browse/AMBARI-15040?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15382588#comment-15382588
]
Tuong Truong commented on AMBARI-15040:
---------------------------------------
[~hkropp] The idea here is to stop/sunset the existing LDAP support at some
point, and push users to use PAM. Current Ambari LDAP integration has many
design issues, and PAM does allow for transparent LDAP support. Our feeling
is that PAM support should integrate via group only with the the latest Ambari
authorization scheme; this seems to be a clean design.
Let us know if you think there are issues we need to consider.
> In PAM mode, support only group base authorization in Ambari
> ------------------------------------------------------------
>
> Key: AMBARI-15040
> URL: https://issues.apache.org/jira/browse/AMBARI-15040
> Project: Ambari
> Issue Type: Story
> Components: ambari-server
> Affects Versions: 2.1.0, 2.2.0
> Reporter: Tuong Truong
> Labels: authorization, security-groups
>
> Once PAM mode is enable for Ambari, user authorization should not be
> supported in order to avoid security holes or ambiguity.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
