Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-17708

Support PAM Authentication

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Resolved
    • Major
    • Resolution: Duplicate
    • trunk
    • None
    • ambari-server

    Description

      LDAP is complicated and needs careful configuration especially if synchronizing with a local users repository. It can even get more complex, when trying to support users from multiple domains, which is not supported by Ambari right now.

      Tools like SSSD, Winbind, Quest, Centrify, ... do a good job of integrating complex LDAP/AD environments to Unix/Linux based systems using PAM.

      Using PAM in Ambari could potentials simplify user authentication a lot.

      As users synchronization would not be required anymore, users would need to be created at first log in. This can be borrowed from the newly implemented JWT authentication.

      Other projects using PAM authentication:
      (In Hadoop Knox) https://issues.apache.org/jira/browse/KNOX-537
      (With Spring Auth) https://github.com/ImmobilienScout24/yum-repo-server/blob/master/src/main/java/de/is24/infrastructure/gridfs/http/security/PamAuthenticationProvider.java

      Attachments

        Issue Links

          duplicates

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. AMBARI-12263 Support PAM as authentication mechanism for accessing Ambari UI/REST

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              hkropp Henning Kropp
              hkropp Henning Kropp
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: