Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Why PAM authentication for Ranger doesn't exist ?

Highlighted

Why PAM authentication for Ranger doesn't exist ?

Explorer

Before the migration from IOP 4.2.5 to HDP 2.6.4, we used PAM authentication for Ranger Admin.

Now we can only have UNIX, LDAP or AD.

Why ? it's very useful to use PAM authentication.

4 REPLIES 4
Highlighted

Re: Why PAM authentication for Ranger doesn't exist ?

This is because of the Ambari version used, which will be addressed in the next version.

https://issues.apache.org/jira/browse/AMBARI-18425

Re: Why PAM authentication for Ranger doesn't exist ?

AMBARI-18425 will be available in Ambari 2.7.0 (to be released).

In the meanwhile, if using Ambari 2.6.x (with HDP 2.6.x), set the authentication method as UNIX and add a custom property ranger.pam.authentication.enabled in ranger-admin-site.xml and set it to true.

Highlighted

Re: Why PAM authentication for Ranger doesn't exist ?

Explorer

Okay nice to know that.

but it's strange that when i used IOP 4.2.5 (so with Ambari 2.4.2) this functionnality was implemented

Thanks for your time

Highlighted

Re: Why PAM authentication for Ranger doesn't exist ?

yes, that is true. Above Ambari patch mentioned was back-ported to Ambari used with IOP 4.2.5.

Don't have an account?
Coming from Hortonworks? Activate your account here