cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sam Tunnicliffe (JIRA)" <>
Subject [jira] [Updated] (CASSANDRA-5545) Add SASL authentication to CQL native protocol
Date Tue, 07 May 2013 11:09:15 GMT


Sam Tunnicliffe updated CASSANDRA-5545:

    Attachment: 0001-Add-SASL-authentication-to-CQL-native-protocol.patch

The attached patch adds new message types for SASL negotiation between CQL client & server.
In this patch, SaslAuthBridge represents the interface between SASL & IAuthencator, while
the helper class org.apache.cassandra.transport.sasl.Sasl acts as a registry of which SaslAuthBridge
implementation goes with which IAuthenticator. PasswordAuthenticator, and any other custom
IAuthenticator implementation which receives a username/password pair via Credentials message
or thrift login() call, can be associated with PlainTextSaslAuthBridge. This is done automatically
for PasswordAuthenticator, so there should be no server side changes for clusters without
custom authentication.

Implementors of custom authenticators which do not receive credentials in the same way &
format as PasswordAuthenticator will need to provide their own SaslAuthBridge to extract the
credentials from a SaslServer instance. Depending on the format required by the IAuthenticaor,
this may involve creating or wrapping a SaslServer implementation. See AbstractSaslServer/AbstractSaslAuthBridge
& the PlainText* implementations for an example.
> Add SASL authentication to CQL native protocol
> ----------------------------------------------
>                 Key: CASSANDRA-5545
>                 URL:
>             Project: Cassandra
>          Issue Type: Improvement
>            Reporter: Sam Tunnicliffe
>             Fix For: 2.0
>         Attachments: 0001-Add-SASL-authentication-to-CQL-native-protocol.patch
> Adding hooks for SASL authentication would make it much easier to integrate with external
auth providers, such as Kerberos & NTLM.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message