[
https://issues.apache.org/jira/browse/RANGER-827?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15130497#comment-15130497
]
Bolke de Bruin commented on RANGER-827:
---------------------------------------
Plan for ranger authentication by using PAM. Extending remote authentication to
PAM.
This creates full end to end security across OS and Hadoop. It also puts back
managing access to ranger in the hands of an administrator by means of Pam
Configs.
> Use system supplied mechanism to get users and groups on unix
> -------------------------------------------------------------
>
> Key: RANGER-827
> URL: https://issues.apache.org/jira/browse/RANGER-827
> Project: Ranger
> Issue Type: Improvement
> Components: usersync
> Affects Versions: 0.5.1
> Reporter: Bolke de Bruin
> Labels: integration, pam, sssd, sync
> Fix For: 0.6.0
>
> Attachments: 0001-RANGER-827-Improve-unix-usersync.patch,
> 0002-RANGER-827-Improve-unix-usersync.patch, usersync.patch
>
>
> The unix user sync currently reads /etc/passwd /etc/groups . This is often
> not a reflection of users and groups available on a system especially when
> nsswitch is configured (eg. sssd, ldap etc).
> Secondly in some cases groups will contain user names that are not returned
> with "getent passwd", especially "external users" and it is required to add
> these using the group information.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
