Securing the management interfaces with LDAP
In the Testing the Kerberos login against management interfaces section, we discussed how to secure the management interfaces using the Kerberos ticketing system.
If you don't need that level of complexity in your infrastructure, but you still want to provide an adequate level of security, the recommended approach is to use a directory service. The directory service can be used both for authenticating the user and for granting a role to the user. If your management users will all be SuperUsers, then it's enough to configure just the authentication layer. On the other hand, if you want to apply Role-Based Access Control (RBAC) to your management users, then you have to configure the authorization part.
To get you started quickly with this topic, we can continue using the ApacheDS server contained in the kerberos-using-apacheds project, which contains some LDAP users along with the Kerberos configuration. Otherwise, you can download...