[
https://issues.apache.org/jira/browse/AMBARI-12263?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15388728#comment-15388728
]
Vishal Ghugare commented on AMBARI-12263:
-----------------------------------------
Thank you for your input Henning.
I am creating a new patch to address remarks 1 & 4.
Revoke Privileges: The patch already revokes the privileges if a user no longer
belongs to, for example, "admin group". Once a user is authenticated via PAM,
we retrieve all the groups a user belongs to and update user-group membership.
Please feel free to let me know if you have any questions.
> Support PAM as authentication mechanism for accessing Ambari UI/REST
> --------------------------------------------------------------------
>
> Key: AMBARI-12263
> URL: https://issues.apache.org/jira/browse/AMBARI-12263
> Project: Ambari
> Issue Type: Story
> Components: ambari-server, ambari-web
> Affects Versions: trunk
> Reporter: Eric Yang
> Assignee: Vishal Ghugare
> Labels: security
> Fix For: trunk
>
> Attachments: AMBARI-12263_trunk.patch
>
>
> Ambari GUI is using default "admin" user which is not a real user in
> operating system. Some company has strict password policy which can not be
> enforced to Ambari. It would be good to implement a Shiro PAM connector to
> authenticate user by Linux user credential.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
