[
https://issues.apache.org/jira/browse/KNOX-537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15096400#comment-15096400
]
Kevin Minder commented on KNOX-537:
-----------------------------------
[~jeffreyr97] Until we figure out how this might affect 0.8.0 which we are
currently targeting to include PAC4J stuff you should just attach a
markdown file that documents this. The idea is that this file will soon be
added to the SVN site repo. For inspiration look at these.
https://svn.apache.org/repos/asf/knox/trunk/books/0.7.0/config_advanced_ldap.md
https://svn.apache.org/repos/asf/knox/trunk/books/0.7.0/config_preauth_sso_provider.md
https://svn.apache.org/repos/asf/knox/trunk/books/0.7.0/config_knox_sso.md
and then see how these are <<included>> into the book here
https://svn.apache.org/repos/asf/knox/trunk/books/0.7.0/book_gateway-details.md
like this
{code}
<<config.md>>
<<knox_cli.md>>
<<admin_api.md>>
<<x-forwarded-headers.md>>
<<config_authn.md>>
<<config_advanced_ldap.md>>
<<config_ldap_authc_cache.md>>
<<config_ldap_group_lookup.md>>
<<config_id_assertion.md>>
<<config_authz.md>>
<<config_kerberos.md>>
<<config_ha.md>>
<<config_webappsec_provider.md>>
<<config_preauth_sso_provider.md>>
<<config_knox_sso.md>>
<<config_mutual_authentication_ssl.md>>
<<config_audit.md>>
{code}
> Linux PAM Authentication Provider
> ---------------------------------
>
> Key: KNOX-537
> URL: https://issues.apache.org/jira/browse/KNOX-537
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 0.5.0, 0.6.0, 0.7.0
> Environment: All
> Reporter: Jeffrey E Rodriguez
> Assignee: Jeffrey E Rodriguez
> Labels: knox, pam
> Fix For: 0.8.0
>
> Attachments: 0001-knox-537-add-pam-authentication-support.patch
>
> Original Estimate: 168h
> Remaining Estimate: 168h
>
> OS level PAM security provides a great interface for authentication and
> authorization. For example, sssd provides support for managing Active
> Directory nested OU by adjusting ldap_group_nesting_level = 5. Knox
> configuration is configured to interact with LDAP directly, but this has two
> shortcomings. First, high volume traffic is likely to make too many
> queries to AD without cache. Second, complex logic of LDAP queries cannot
> map correctly to UserDnTemplate without adding more ldap specific logic into
> JndiLdapRealm code and parameters.
> Knox can be improved to use PAM to outsource complex OS to AD interaction to
> sssd. It is possible to implement a shiro PAM plugin to reduce the complex
> LDAP logic that is starting to accumulate in Knox.
> Looks like there is at least a start for this here.
> https://github.com/plaflamme/shiro-libpam4j
> libpam4j is available via Maven and uses an MIT license
> http://mvnrepository.com/artifact/org.jvnet.libpam4j/libpam4j/1.4
> This might be a great addition to Knox.