Security Configuration

Security Configuration Options

Security configuration settings are available in /opt/gpudb/core/etc/gpudb.conf.

  • require_authentication
    • true -- authentication through username/password or LDAP is required; no anonymous login
    • false -- authentication is allowed, but non-authenticated users will be logged in as anonymous (default)
  • enable_authorization
    • true -- enforce authorization permissions
    • false -- no restrictions (default)

| Configuration Type | require_authentication | enable_authorization | Description |
|---|---|---|---|
| No auth | false | false | All users will be logged in as anonymous and have no restrictions (default) |
| Authenticated | true | false | All users are required to have an account to log in and will be given Admin role privileges upon logging in |
| Authorized | false | true | Users with an account will be given their designated roles. Users without an account will be given Public role privileges |
| Authenticated / Authorized | true | true | All users are required to have an account to log in and will be given their designated roles. No guest account access available. |
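
The following added example (not part of the Kinetica documentation or product) reads the two flags from configuration text, applies the defaults listed above, and reports which configuration type is in effect along with the access it grants. It assumes gpudb.conf uses "key = value" lines with "#" comments; the function names and the sample text are constructed for illustration.

```python
import re

# Defaults as documented above: both settings are false unless set.
DEFAULTS = {"require_authentication": "false", "enable_authorization": "false"}

# (require_authentication, enable_authorization) -> (configuration type, findings)
MODES = {
    (False, False): ("No auth", ["every user is anonymous with no restrictions"]),
    (True, False): ("Authenticated", ["every account receives Admin role privileges"]),
    (False, True): ("Authorized", ["users without an account get Public role privileges"]),
    (True, True): ("Authenticated / Authorized", []),
}

# Assumption: settings are written as "key = value", one per line.
LINE = re.compile(r"^\s*(\w+)\s*=\s*(.*?)\s*$")

def read_flags(conf_text):
    """Return both flags as booleans, falling back to the documented defaults."""
    values = dict(DEFAULTS)
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0]  # assumption: "#" starts a comment
        m = LINE.match(line)
        if m and m.group(1) in DEFAULTS:
            values[m.group(1)] = m.group(2).lower()  # last assignment wins
    flags = {}
    for key, val in values.items():
        if val not in ("true", "false"):
            raise ValueError(f"{key}: expected true or false, got {val!r}")
        flags[key] = val == "true"
    return flags

def audit(conf_text):
    """Map the effective flags to the configuration type and its findings."""
    flags = read_flags(conf_text)
    return MODES[(flags["require_authentication"], flags["enable_authorization"])]

# Constructed sample, not a real gpudb.conf: authorization is commented out,
# so the default (false) applies and every account ends up with Admin rights.
SAMPLE = """
# security settings
require_authentication = true
#enable_authorization = true
"""

if __name__ == "__main__":
    mode, findings = audit(SAMPLE)
    print(mode, findings)
```

Any result other than "Authenticated / Authorized" with an empty findings list means some class of user gets broader access than their designated role.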

LDAP Integration

LDAP integration with Kinetica is accomplished through an Apache HTTPD proxy. This proxy comes packaged with Kinetica and can be found in /opt/gpudb/httpd. The OpenLDAP server daemon (slapd) is also included in this directory. There is a preconfigured HTTPS to work with this instance of slapd. To use an existing LDAP server, modify the Location section of the /opt/gpudb/httpd/conf/httpd/httpd.conf file. Since this portion is controlled by Apache HTTPD, not Kinetica, see the Apache documentation for further details. Full HTTPD and LDAP setup details are found on the Secure Setup page.

The included version of OpenLDAP can be started and initialized manually using the following commands:

$ sudo /opt/gpudb/httpd/gpudb-openldap.sh start
$ /opt/gpudb/httpd/openldap/openldap-init.sh

Note

Only run /opt/gpudb/httpd/openldap/openldap-init.sh the first time OpenLDAP is started.

LDAP Users

Once connected to an LDAP server, LDAP users can be used for all Kinetica administration. First, create a user within Kinetica that has administrative permissions and can be tied to an LDAP user:

  • Log into the Kinetica Administration Application (GAdmin) with a Kinetica administration account
  • From the Security menu, select Users
  • Click the New button
  • For Authentication, select External
  • Enter an LDAP username, preceded by @. This marks the user as an external LDAP user
  • For System Level Permission, select System Admin

Note

Although LDAP users are created with the username @<username>, they will log in with their regular username, without the @.