cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aleksey Yeschenko (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CASSANDRA-5208) cli shouldn't set default username and password
Date Thu, 31 Jan 2013 19:03:12 GMT

     [ https://issues.apache.org/jira/browse/CASSANDRA-5208?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Aleksey Yeschenko updated CASSANDRA-5208:
-----------------------------------------

    Priority: Trivial  (was: Minor)
    
> cli shouldn't set default username and password
> -----------------------------------------------
>
>                 Key: CASSANDRA-5208
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-5208
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Tools
>    Affects Versions: 1.2.1
>            Reporter: Aleksey Yeschenko
>            Assignee: Aleksey Yeschenko
>            Priority: Trivial
>             Fix For: 1.2.2
>
>         Attachments: 5208.txt
>
>
> Currently cli sets default username and password if none are set (in CliOptions.processArgs).
Because of this cli will always authenticate, whether or not this was the intent of the user
and CliMain.connect() "if ((sessionState.username != null) && (sessionState.password
!= null))" condition will always be true.
> This breaks authentication in at least two scenarios:
> 1. Authenticator allows anonymous access and a user wants to login anonymously - instead
he will get AuthenticationException because user "default" will most likely not exist.
> 2. Authenticator doesn't user username/password pairs for login but something like Kerberos
instead. Thrift's login with u:default, p:"" will still be called and AuthenticationException
will be thrown, again.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message