[
https://issues.apache.org/jira/browse/KNOX-461?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15987046#comment-15987046
]
Larry McCay commented on KNOX-461:
----------------------------------
Hi [~rlamothe] - thank you for this comment.
I am curious whether you have considered either of these alternatives:
1. using PAM based authentication -
http://knox.apache.org/books/knox-0-12-0/user-guide.html#PAM+based+Authentication
2. using the Hadoop Group Lookup Provider -
http://knox.apache.org/books/knox-0-12-0/user-guide.html#Hadoop+Group+Lookup+Provider
Either should give you what you need and #2 in particular will give you exactly
the same group lookup as is used in Hadoop.
If you think we should continue to invest in the Shiro provider group lookup
then I'd like to understand why the other alternatives don't meet your needs.
Thanks again for your comment - these insights are especially important to us!
> Leverage Directory Computed Attribute for User Group Discovery
> ---------------------------------------------------------------
>
> Key: KNOX-461
> URL: https://issues.apache.org/jira/browse/KNOX-461
> Project: Apache Knox
> Issue Type: Improvement
> Reporter: Dilli Arumugam
> Priority: Critical
> Fix For: Future
>
>
> Leverage Directory Computed Attribute for User Group Discovery
> We should use computed attribute memberof supported by Active Driectory to
> discover groups of the authenticated user. This would significantly boost
> performance as compared we computing groups using group search.
> OpenLDAP also could be configured to return computed groups.
> However, OpenLDAP would return this attribute as memberof.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
