cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mike Adamson (JIRA)" <>
Subject [jira] [Created] (CASSANDRA-7686) Add proxy authentication to PasswordAuthenticator
Date Mon, 04 Aug 2014 16:10:14 GMT
Mike Adamson created CASSANDRA-7686:

             Summary: Add proxy authentication to PasswordAuthenticator
                 Key: CASSANDRA-7686
             Project: Cassandra
          Issue Type: New Feature
          Components: Core
            Reporter: Mike Adamson
             Fix For: 3.0

The SASL plain text protocol supports the concept of an authorization ID that is used for
any authorization requests during the authenticated session.
This authorization ID is (optionally) passed during the SASL exchange as part of the SASL
plain text message. It is currently ignored by the PasswordAuthenticator.

This field is typically used by web applications to authenticate using a fixed set of authentication
credentials but allow authorization of resources based another user id. It allows the application
to authenticate users using their own authentication mechanism without having to store the
users credentials to log into the downstream system.

It would be useful if the PasswordAuthenticator could use this field (if present) as the user
id for the AuthenticatedUser instead of the authentication ID currently used.

This would need a mechanism to allow / deny one user to proxy to another and the ability to
check whether proxying is allowed for a user / proxy pair.

This message was sent by Atlassian JIRA

View raw message