GitHub user prabhjyotsingh opened a pull request: https://github.com/apache/zeppelin/pull/3003
[ZEPPELIN-3526] Zeppelin auth mechanisms (LDAP or password based) should be mutually exclusive

### What is this PR for?
Problem: When any external authentication (like LDAP/AD) is enabled for Zeppelin, the default password-based authentication could still be configured in addition to that. This makes space for a backdoor in Zeppelin where the user can still get in using the local username/password.

Proposed Solution: Zeppelin shouldn't allow specifying a [users] section in shiro.ini when it is configured to authenticate with LDAP/AD.

### What type of PR is it?
[Bug Fix | Feature ]

### Todos
* [ ] - Add documentation

### What is the Jira issue?
* [ZEPPELIN-3526](https://issues.apache.org/jira/browse/ZEPPELIN-3526)

### How should this be tested?
If both [users] and [main] (for example activeDirectoryRealm) sections are enabled in shiro, Zeppelin server should not start.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/prabhjyotsingh/zeppelin ZEPPELIN-3526

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/zeppelin/pull/3003.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #3003

----
commit 529ab3e0e4297f413a0095e4dd19e7e11ce32493
Author: Prabhjyot Singh <prabhjyotsingh@...>
Date:   2018-06-05T06:31:25Z

    ZEPPELIN-3526: Zeppelin auth mechanisms (LDAP or password based) should be mutually exclusive

    Change-Id: I9e0602c41462997c14a2dbb7378489ffab3ca0b4

----
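An operator-side audit for the condition this pull request describes, added here as an example; it is not code from the pull request or from Zeppelin. It flags a shiro.ini in which active `[users]` entries coexist with a realm defined in `[main]`. The rule that any `[main]` object whose class name ends in `Realm` (other than `IniRealm`) counts as a realm is a heuristic assumed for this sketch, and both sample configurations are constructed.

```python
import re

# Heuristic (assumption): a [main] line "name = some.Class...Realm" defines a realm.
REALM_DEF = re.compile(r"^([A-Za-z_]\w*)\s*=\s*([\w.$]+Realm)$")

def parse_sections(text):
    """Split shiro.ini text into {section: [active lines]}, skipping comments."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def audit_shiro(text):
    """Report local accounts, configured realms, and whether both are active."""
    sections = parse_sections(text)
    local_users = [l.split("=", 1)[0].strip()
                   for l in sections.get("users", []) if "=" in l]
    realms = {}
    for l in sections.get("main", []):
        m = REALM_DEF.match(l)
        if m and not m.group(2).endswith("IniRealm"):
            realms[m.group(1)] = m.group(2)
    return {"local_users": local_users, "realms": realms,
            "conflict": bool(local_users and realms)}

# Constructed sample: an AD realm plus a leftover local account.
MIXED = """\
[users]
admin = password1, admin
# user1 = password2, role1
[main]
activeDirectoryRealm = org.apache.zeppelin.realm.ActiveDirectoryGroupRealm
activeDirectoryRealm.url = ldap://ad.example.test:389
securityManager.realms = $activeDirectoryRealm
"""
# Constructed sample: same realm, every [users] entry commented out.
AD_ONLY = MIXED.replace("admin = password1, admin", "# admin = password1, admin")

if __name__ == "__main__":
    for name, cfg in (("MIXED", MIXED), ("AD_ONLY", AD_ONLY)):
        print(name, audit_shiro(cfg))
```

A `conflict` of `True` means a local username/password would still authenticate alongside the directory realm, which is the state the proposed change refuses to start with.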