Configure Atlas PAM authentication

By default in Data Center installations, Atlas uses PAM authentication, which means valid Atlas users correspond to the users configured for the operating system on the host where Atlas runs. Cloud installations do not use PAM authentication.

These steps describe setting properties to enable PAM authentication. To disable PAM, you can remove the properties or set the PAM authentication method property to false. If you leave the PAM authentication method to true and set another authentication method to true, Atlas uses both methods to authenticate users.

Minimum Required Role in Cloudera Manager: Full Administrator.

In Cloudera Manager, select the Atlas service, then open the Configuration tab.
To display the appropriate property, type "safety" in the Search box.
Find the Atlas Server Advanced Configuration Snippet (Safety Valve) for conf/atlas-application.properties.
In the safety valve, set the following properties:
```
atlas.authentication.method.pam=true
atlas.authentication.method.pam.service=login service
```
where login service indicates the desired PAM login service. For example, set atlas.authentication.method.pam.service=login to use /etc/pam.d/login.
Click Save Changes.
Restart the Atlas service.
Once the PAM authentication is enabled for Atlas on a Private Cloud Base cluster, to access Atlas, note the following:
- If Atlas was configured using LDAP or Active Directory, the same user role which was set-up can be authenticated and used for accessing Atlas.
- For an Operating System user, you can add the user using useradd or adduser commands and later access Atlas.
note
If Ranger is enabled, you must have appropriate permissions for the user (both the scenarios above) in Ranger policies. Alternatively, if Ranger is not enabled, the user must manually update the JSON file - atlas-simple-authz-policy.json