Creating a Custom PAM Profile

To ensure that Data Fabric uses a unique PAM configuration:

  • Leave the /etc/pam.d/sudo file as is. Editing the /etc/pam.d/sudo file is not recommended.

  • Create your own PAM profile in /etc/pam.d, naming it mapr-admin.

  • Manually edit mapr.login.conf and other ecosystem component configuration files to use mapr-admin only.

Example /etc/pam.d/mapr-admin File

The following are simple examples of entries that might work in the mapr-admin PAM profile or in a different PAM profile.
Be sure to consult a Linux administrator before modifying PAM profiles.

    account     required
    account     sufficient uid < 1000 quiet
    account     [default=bad success=ok user_unknown=ignore]
    account     required
    auth    sufficient nullok_secure
    auth    requisite uid >= 1000 quiet
    auth    sufficient use_first_pass
    auth    required
    password    sufficient md5 obscure min=4 max=8 nullok
    password    sufficient
    password    required
    session     required
    session     required
    session     optional

The file /etc/pam.d/sudo should be modified only with care and if absolutely necessary.

Example for Hue

  • Set which PAM profiles to use by modifying the pam_service option in the <HUE_HOME>/desktop/conf/hue.ini file:
    # Configuration options for user authentication into the web application
    # ------------------------------------------------------------------------
    # Authentication backend...
    # The service to use when querying PAM.
    ## pam_service=sudo sshd login
    The mapr-admin profile is not used in the default Hue configuration.
    Hue respects only the auth section from the PAM profiles.
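
An added example, not part of the original documentation or of Hue: a Python check that reads hue.ini text, lists the services on the active pam_service line, and flags any that are not mapr-admin, are missing from /etc/pam.d, or carry no auth rules. It assumes multiple services are space-separated, as in the commented default above, and does not follow @include lines; the function names and the sample input are constructed for illustration.

```python
import re

EXPECTED = "mapr-admin"  # profile name the page says to create

def hue_pam_services(ini_text):
    """Services on the active pam_service line, or None if it is commented out."""
    for line in ini_text.splitlines():
        m = re.match(r"\s*pam_service\s*=\s*(.*)", line)  # '#' lines never match
        if m:
            return m.group(1).split()
    return None

def auth_rules(profile_text):
    """(control, module) for every auth rule in a PAM profile."""
    rules = []
    for line in profile_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"-?auth\s+(\[[^\]]*\]|\S+)\s+(\S+)", line)
        if m:
            rules.append((m.group(1), m.group(2)))
    return rules

def audit(ini_text, profiles):
    """profiles maps a file name under /etc/pam.d to that file's text."""
    services = hue_pam_services(ini_text)
    if not services:
        return ["pam_service is not set: the default Hue configuration "
                "does not use " + EXPECTED]
    findings = []
    for svc in services:
        if svc != EXPECTED:
            findings.append(f"{svc}: not the dedicated {EXPECTED} profile")
        if svc not in profiles:
            findings.append(f"{svc}: no such file in /etc/pam.d")
        elif not auth_rules(profiles[svc]):
            findings.append(f"{svc}: no auth rules, and Hue reads only the auth section")
    return findings

# Constructed sample input (not taken from a real system)
SAMPLE_INI = "## pam_service=sudo sshd login\npam_service=mapr-admin sshd\n"
SAMPLE_PROFILES = {
    "mapr-admin": "auth required pam_unix.so\naccount required pam_unix.so\n",
    "sshd": "# profile with no auth rules\nsession required pam_unix.so\n",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_INI, SAMPLE_PROFILES):
        print(finding)
```

On a real host, pass the contents of <HUE_HOME>/desktop/conf/hue.ini and a dictionary built from the files in /etc/pam.d.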

Example for Livy

  • Authenticate users with PAM only through Data Fabric MultiMechs authentication, so that Livy uses the configuration from /opt/mapr/conf/mapr.login.conf.