Shiny Server and RStudio Server on the same system

[Eva]

Hi, 

Has anyone installed Shiny Server and RStudio Server on the same system? I'm looking for a solution to have RStudio Server use the AD authentication that's configured for Shiny Server. 

Any recommendation? Thanks in advance. 

[Laz C. Peterson]

Hi Eva,

We run them both off of the same server, but our authentication methods are different for each one.  But if your goal is to have both authenticate using Active Directory, I would recommend setting up PAM authentication to use LDAP.  That method will vary based on what your linux distribution is.

I have not tested it, but with PAM using LDAP, you should be able to have users log in with their Active Directory credentials for either RStudio Server or Shiny Server.  (Someone please correct me if I am wrong.)

Hope that helps.

~ Laz Peterson
Paravis, LLC

--
You received this message because you are subscribed to the Google Groups "Shiny - Web Framework for R" group.
To unsubscribe from this group and stop receiving emails from it, send an email to shiny-discus...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/shiny-discuss/11dde1a4-0e25-4fc8-ac02-9df9616a11ed%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Joe Cheng]

That's right, PAM is the only way as far as I know to use RStudio with AD. RStudio must always run as the logged in user, and PAM is how you achieve that on Linux. Fortunately setting up PAM for AD is fairly easy, a Google search for your distro should turn up lots of relevant hits. If you can't figure it out on your own please contact sup...@rstudio.com, they have more experience with this sort of thing than those of us who are monitoring this list.

To view this discussion on the web visit https://groups.google.com/d/msgid/shiny-discuss/810A2DCC-D58A-4531-B4D3-A21954E4F763%40paravis.net.

[Eva]

Thank you. What if I don't have the admin privilege to the AD?

[Joe Cheng]

You may need to ask your AD administrator for help then. At least someone will need permissions to join the Linux server to the domain (I'm not an expert though).

To view this discussion on the web visit https://groups.google.com/d/msgid/shiny-discuss/3762af6a-0b29-4120-95bd-10a71c459f08%40googlegroups.com.

[Laz C. Peterson]

Eva, I am no expert on AD or PAM, but you could technically use your own personal AD account strictly to bind to AD for authentication purposes. Or simply as proof of concept for AD authentication for Shiny and RStudio.

Depending on how your organization has its AD set up, you may have certain security requirements. But by default, you can bind with your user (for example, "cn=Eva User,cn=Users,dc=example,dc=corp" and your password), and use that to search your AD for user accounts and other things.

Most default AD environments do not allow any password changes or anything of that level of security without domain admin privileges. But strictly to search AD to find user accounts and for authentication, you should be good.

There are special cases that may require you to export/import your domain's SSL certificates, but as Joe has said, you should talk to your domain admin for that. If that's the case, you will just need to export the certificate for a domain controller (through mmc.exe) as a PEM format. And then copy that file to your Linux server and then install it on that Linux server so it trusts AD (if SSL/TLS is required by your admin). We have to do that for all of our AD domains.

We are very familiar with Ubuntu and Debian Linux environments, so I don't know if we can be of a lot of help to you on RedHat or CentOS (can't remember which you use) ...

If you have any simple questions (I'm a novice compared to most), feel free to reach out. I can possibly point you in the right direction at least.

~ Laz Peterson
Paravis, LLC