[ https://issues.apache.org/jira/browse/KNOX-537?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Larry McCay updated KNOX-537: ----------------------------- Resolution: Fixed Status: Resolved (was: Patch Available) > Linux PAM Authentication Provider > --------------------------------- > > Key: KNOX-537 > URL: https://issues.apache.org/jira/browse/KNOX-537 > Project: Apache Knox > Issue Type: Bug > Components: Server > Affects Versions: 0.5.0, 0.6.0, 0.7.0 > Environment: All > Reporter: Jeffrey E Rodriguez > Assignee: Henning Kropp > Labels: knox, pam > Fix For: 0.10.0 > > Attachments: 0001-knox-537-add-pam-authentication-support.patch, > KNOX-537-002.patch, KNOX-537.patch > > Original Estimate: 168h > Remaining Estimate: 168h > > OS level PAM security provides great interface for authentication and > authorization. For example, sssd provides support for manage Active > Directory nested OU by adjusting ldap_group_nesting_level = 5. Knox > configuration is configured to interact with LDAP directly, but this has two > short cominges. First, hgh volume traffic is likely to make too many > queries to AD without cache. Second, complex logic of LDAP queries can not > map correctly to UserDnTemplate without adding more ldap specific logic into > JndiLdapRealm code and parameters. > Knox can be improved to use PAM to out source complex OS to AD interaction to > sssd. It is possible to implement a shiro PAM plugin to reduce the complex > LDAP logic that is starting to accumulate in Knox. > Looks like there is a least a start for this here. > https://github.com/plaflamme/shiro-libpam4j > libpam4j is available via Maven and uses an MIT license > http://mvnrepository.com/artifact/org.jvnet.libpam4j/libpam4j/1.4 > This might be a great addition to Knox. -- This message was sent by Atlassian JIRA (v6.3.4#6332)