Status: Open
Fix Version/s: None
As per the enterprise requirement to control user authorization based on "roles" and permissions, we would like to suggest controlling authorization and authentication through the AD and LDAP layers by providing an authentication mechanism through LDAP & Kerberos ticketing.
An example would be granting permissions to the members of an AD-based group, so database access controls will be moved to Active Directory by adding/removing participants in a particular functional AD group.
For example, creating the AD group glbDBAdmins and running GRANT ALL ON *.* for this AD or Linux group in MariaDB will allow access to be controlled by just editing the participants inside the group.
I suggest that this implementation could be done through a PAM module, and as per the MySQL documentation "126.96.36.199.2.3 Unix Password Authentication with Proxy Users and Group Mapping" I think that this is the feature which could be reused.
Also, I suggest that the authentication part could be done through the MDEV-4691 Kerberos module.
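For reference, the proxy-user and group-mapping pattern from the MySQL documentation cited above, applied to the glbDBAdmins group. This is an added example, not part of the original request and not MariaDB code; it uses MySQL's `authentication_pam` plugin syntax, and the PAM service name `mysql-unix` and the proxied account `db_admins` are assumed names.

```sql
-- Added example (MySQL authentication_pam syntax, not MariaDB code).
-- Assumptions: a PAM service file /etc/pam.d/mysql-unix exists and resolves
-- AD/LDAP users and their groups on the database host; 'db_admins' is a
-- hypothetical account name chosen for this illustration.

-- 1. Default proxy account. Any external user that passes PAM authenticates
--    through it. The auth string names the PAM service, then maps the
--    external group glbDBAdmins to the MySQL account db_admins.
--    Give this account no privileges of its own.
CREATE USER ''@''
  IDENTIFIED WITH authentication_pam
  AS 'mysql-unix, glbDBAdmins=db_admins';

-- 2. Proxied account that actually holds the privileges. It must not be
--    usable for direct logins; mysql_no_login (a server plugin that has to
--    be installed) rejects every direct connection attempt.
CREATE USER 'db_admins'@'localhost'
  IDENTIFIED WITH mysql_no_login;

GRANT ALL ON *.* TO 'db_admins'@'localhost';

-- 3. Allow the default proxy account to act as db_admins. Without this
--    grant the group mapping in step 1 has no effect.
GRANT PROXY ON 'db_admins'@'localhost' TO ''@'';

-- 4. Verification, run from a session opened by a member of glbDBAdmins:
--    USER()         shows the external (AD/OS) login name,
--    CURRENT_USER() shows db_admins@localhost,
--    @@proxy_user   shows ''@''.
SELECT USER(), CURRENT_USER(), @@proxy_user;

-- 5. Audit: list every proxy grant, to confirm that no other account can
--    assume db_admins.
SELECT User, Host, Proxied_user, Proxied_host, Grantor
  FROM mysql.proxies_priv;
```

With this layout, removing a user from glbDBAdmins in the directory removes their administrative access at the next connection, with no GRANT or REVOKE needed on the database side.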