cassandra-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jonathan Ellis <>
Subject Re: bandwidth limiting Cassandra's replication and access control
Date Wed, 11 Nov 2009 15:20:52 GMT
2009/11/11 Ted Zlatanov <>:
> Should we move this to the devel list, BTW?


> Is it OK to keep the local auth info as a field in the CassandraServer
> instance


> The other JAAS modules don't support that
> (AFAICT they only work on the current user) so we'd only be able to
> authenticate based on NIS or LDAP, or other JNDI providers.  This should
> support at least Active Directory and most Unix shops.

That's fine.  Anyone who needs more, is also welcome to submit patches. :)

> We should be able to use anything that extends
> here; I think you're suggesting a KeyspacePermission but we should also
> have a ClusterPermission.  I think we should allow wildcards in the
> resource name.

If we wildcard keyspace why do we need cluster?

> For now the auth can just be
> public void authenticateUser(Map<String, String> credentials, String cluster, String
keyspace) throws ???

Again, cluster isn't necessary.  (Any cassandra server is a member of
exactly one cluster.)

Otherwise, sounds good to me.


View raw message