In a kerberozed cluster. How to block local user authentication for Ranger and only Accept Active Directory users. Can Ranger locally create users as well?
Hi @Vishal Gupta,
To disable local user authentication in Ranger, you'll need to change authentication method under 'Ranger Settings' section from 'UNIX' to 'Active Directory'. You'll also need to provide other AD parameters. Please check this documentation link for complete configuration.
By default, Ranger Usersync will sync local users into Ranger database. You can change this behavior by changing 'Sync Source' under 'Ranger User Info' from 'UNIX' to 'LDAP/AD'. Please check this link for complete steps. Once Usersync is configured with AD, it will not sync & create local Unix users in Ranger database. Mind you that some local users are required for default Ranger policies to work properly.
Hope this helps !