cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sam Tunnicliffe (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-10209) Missing role manager in cassandra.yaml causes unexpected behaviour
Date Mon, 07 Sep 2015 11:16:45 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-10209?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14733554#comment-14733554
] 

Sam Tunnicliffe commented on CASSANDRA-10209:
---------------------------------------------

bq. I'm not sure what other resources should be excluded from client mode, and I'd rather
not do it halfway.

Not sure I completely follow; it isn't that those resources are excluded from client mode,
rather that when *not* in client mode (and so cassandra.yaml isn't read), don't attempt to
figure out which of the {{system_auth}} tables are not modifiable. Which seems reasonable,
as if an IAuthenticator/IAuthorizer/IRoleManager is set in the yaml, those won't be correct
anyway.

> Missing role manager in cassandra.yaml causes unexpected behaviour
> ------------------------------------------------------------------
>
>                 Key: CASSANDRA-10209
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-10209
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Sam Tunnicliffe
>            Assignee: Sam Tunnicliffe
>            Priority: Minor
>             Fix For: 2.2.x, 3.0.0 rc1
>
>
> On upgrading to 2.2+, if the new {{role_manager}} option is not added to {{cassandra.yaml}},
an instance of the default {{CassandraRoleManager}} is created during initialization of {{DatabaseDescriptor}}.
This is a problem as the set of role options supported by {{CRM}} depends on the configured
{{IAuthenticator}}, which at that point in time is always {{AllowAllAuthenticator}}.
> This StackOverflow post describes the problem; the configured authenticator is {{PasswordAuthenticator}},
the role manager should allow roles to be created using the {{PASSWORD}} option, but it does
not.
> http://stackoverflow.com/questions/31820914/in-cassandra-2-2-unable-to-create-role-containing-password
> The simple workaround is to ensure that yaml contains the role manager option
> {code}
> role_manager: CassandraRoleManager
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message