Authentication
Authentication and user management in DataStage is currently a little temperamental. Each service currently authenticates its own way:
- Samba: SMB LDAP utilities (can this use PAM?)
- SSH: PAM
- Apache/WebDAV: mod_ldap
Apache/WebDAV could be replaced with a PyWebDAV implementation (http://code.google.com/p/pywebdav/).
DataBank credentials are currently given to DataStage.
- OAuth: service-to-service delegated access (Sword)
- PAM: local service authn/authz (Samba, SSH, etc.)
- WebAuth: single sign-on (web service, setting local credentials for PAM)
- LDAP: possibly to pull user details from a remote LDAP store
Use WebAuth to get a username, and then look up username locally to determine authz.
Plug into PAM; lets sysadmins set up their own local or remote authn/authz. Use local LDAP as a default (?).
sudoers needs changing for testing write access. Alex has an implementation of this in Python using the posix1e Python library (https://github.com/dataflow/DataStage/blob/djangoification/datastage/util/path.py).
Need to find web-based LDAP user management tool, and to make sure that all our services use LDAP.
The authentication stuff should be pulled out into a separate repo and made a dependency of both DataStage and DataBank.
- passwd(?)
- Local LDAP
- RADIUS
- Kerberos
- WebAuth (only for web)
Still may need local authz.
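As an added illustration of the "plug into PAM, local backend first, LDAP as the default fallback" arrangement sketched above (not a file from the DataStage project), a Debian-style PAM service file; the service name `datastage` is hypothetical, real services use their own names (`sshd`, `samba`) or the shared `common-*` includes, and it assumes `pam_unix` and `pam_ldap` are installed:

```text
# /etc/pam.d/datastage   (hypothetical service name, added example)
#
# auth: try the local passwd/shadow database first; if that does not
# succeed, fall through to the local LDAP server with the same password
# (use_first_pass), and deny if neither accepts the user.
# [success=N default=ignore] means "on success skip the next N modules";
# a failure is ignored so that the next backend gets its turn.
auth     [success=2 default=ignore]  pam_unix.so nullok_secure
auth     [success=1 default=ignore]  pam_ldap.so use_first_pass
auth     requisite                   pam_deny.so
auth     required                    pam_permit.so

# account: the user must be known and permitted by one of the backends
account  [success=2 default=ignore]  pam_unix.so
account  [success=1 default=ignore]  pam_ldap.so
account  requisite                   pam_deny.so
account  required                    pam_permit.so

# session: both backends may contribute session setup
session  required                    pam_unix.so
session  optional                    pam_ldap.so
```

Note that Samba with encrypted (NTLM challenge-response) passwords cannot verify logins through a PAM `auth` stack, because it needs the password hash from its own passdb (for example the LDAP-stored Samba attributes); PAM then only applies to Samba's account and session handling. SSH, WebDAV and other plaintext-password services can use the stack above directly.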
- DataStage to use PAM for everything user-facing (SSH, SMB, WebDAV, HTTP)
- DataBank to use PAM for everything user-facing (HTTP)
- Sword between DataStage and DataBank to be OAuthed.
  - DataBank to have an API to hand out OAuth service tokens to DataStage instances.
- Get DataStage and DataBank working with WebAuth.