cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sylvain Lebresne (JIRA)" <>
Subject [jira] [Updated] (CASSANDRA-5545) Add SASL authentication to CQL native protocol
Date Fri, 31 May 2013 09:57:22 GMT


Sylvain Lebresne updated CASSANDRA-5545:

    Attachment: 0001-Adds-AUTH_SUCCESS-message-as-follow-up-to-5545.txt

Actually, I've just realized that we were throwing away the last challenge of the server (once
authentication is complete), but SASL requires that we sent it to the client since it may
contains final information required by the client to finalize authentication on its size.

So I think for completeness sake we need a new AUTH_SUCCESS message that ships that last information
rather than just a READY message. My bad for suggesting otherwise.

Anyway, I've committed the patch that I attach here for the record that adds this AUTH_SUCCESS
message. The patch also allow tokens to be > 64k (it uses an int instead of a short for
the size) because that's what I wrote in the spec, and while I doubt any authenticator would
need more than 64K tokens, there is no point in risking it in that case.

If someone disagrees with that last patch, please feel free to voice yourself.
> Add SASL authentication to CQL native protocol
> ----------------------------------------------
>                 Key: CASSANDRA-5545
>                 URL:
>             Project: Cassandra
>          Issue Type: Improvement
>            Reporter: Sam Tunnicliffe
>            Assignee: Sam Tunnicliffe
>             Fix For: 2.0
>         Attachments: 0001-Add-SASL-authentication-to-CQL-native-protocol.patch, 0001-Add-SASL-hooks-to-CQL-native-protocol.patch,
0001-Add-SASL-hooks-to-CQL-native-protocol-v3.patch, 0001-Adds-AUTH_SUCCESS-message-as-follow-up-to-5545.txt
> Adding hooks for SASL authentication would make it much easier to integrate with external
auth providers, such as Kerberos & NTLM.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message