Details
-
New Feature
-
Status: Resolved
-
Major
-
Resolution: Duplicate
-
trunk
-
None
Description
LDAP is complicated and needs careful configuration especially if synchronizing with a local users repository. It can even get more complex, when trying to support users from multiple domains, which is not supported by Ambari right now.
Tools like SSSD, Winbind, Quest, Centrify, ... do a good job of integrating complex LDAP/AD environments to Unix/Linux based systems using PAM.
Using PAM in Ambari could potentials simplify user authentication a lot.
As users synchronization would not be required anymore, users would need to be created at first log in. This can be borrowed from the newly implemented JWT authentication.
Other projects using PAM authentication:
(In Hadoop Knox) https://issues.apache.org/jira/browse/KNOX-537
(With Spring Auth) https://github.com/ImmobilienScout24/yum-repo-server/blob/master/src/main/java/de/is24/infrastructure/gridfs/http/security/PamAuthenticationProvider.java
Attachments
Issue Links
- duplicates
-
AMBARI-12263 Support PAM as authentication mechanism for accessing Ambari UI/REST
- Resolved