Uploaded image for project: 'Apache Knox'
  1. Apache Knox
  2. KNOX-537

Linux PAM Authentication Provider

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 0.5.0, 0.6.0, 0.7.0
    • 0.10.0
    • Server
    • All

    Description

      OS level PAM security provides great interface for authentication and authorization. For example, sssd provides support for manage Active Directory nested OU by adjusting ldap_group_nesting_level = 5. Knox configuration is configured to interact with LDAP directly, but this has two short cominges. First, hgh volume traffic is likely to make too many queries to AD without cache. Second, complex logic of LDAP queries can not map correctly to UserDnTemplate without adding more ldap specific logic into JndiLdapRealm code and parameters.

      Knox can be improved to use PAM to out source complex OS to AD interaction to sssd. It is possible to implement a shiro PAM plugin to reduce the complex LDAP logic that is starting to accumulate in Knox.

      Looks like there is a least a start for this here.
      https://github.com/plaflamme/shiro-libpam4j
      libpam4j is available via Maven and uses an MIT license
      http://mvnrepository.com/artifact/org.jvnet.libpam4j/libpam4j/1.4
      This might be a great addition to Knox.

      Attachments

        1. KNOX-537-002.patch
          15 kB
          Larry McCay
        2. KNOX-537.patch
          16 kB
          Henning Kropp
        3. 0001-knox-537-add-pam-authentication-support.patch
          32 kB
          Jeffrey E Rodriguez

        Issue Links

          is a clone of

          Bug - A problem which impairs or prevents the functions of the product. KNOX-536 LDAP authentication against nested OU

          • Major - Major loss of function.
          • Closed
          is duplicated by

          New Feature - A new feature of the product, which has yet to be developed. KNOX-568 Adding PAM Module Support into Knox

          • Major - Major loss of function.
          • Closed
          relates to

          Improvement - An improvement or enhancement to an existing feature or task. KNOX-736 Support NIS Schema in Demo LDAP

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Test - A new unit, integration or system test. KNOX-737 Create PAM Authentication Example with Demo LDAP

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            People

              hkropp Henning Kropp
              jeffreyr97 Jeffrey E Rodriguez
              Votes:
              1 Vote for this issue
              Watchers:
              11 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: