cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stu Hood" <>
Subject Re: bandwidth limiting Cassandra's replication and access control
Date Thu, 12 Nov 2009 05:11:53 GMT
Hey Ted,

Would you mind creating a ticket for this issue in JIRA? A lot of discussion has gone on,
and a place to collect the design and feedback would be a good start.


-----Original Message-----
From: "Ted Zlatanov" <>
Sent: Wednesday, November 11, 2009 3:28pm
Subject: Re: bandwidth limiting Cassandra's replication and access control

On Wed, 11 Nov 2009 07:40:00 -0800 "Coe, Robin" <> wrote: 

CR> Just going to chime in here, because I have experience writing apps
CR> that use JAAS and JNDI to authenticate against LDAP and JDBC
CR> services.  However, I only just started looking at Cassandra this
CR> week, so I'm not certain of the premise behind controlling access to
CR> the Cassandra service.

CR> IMO, auth services should be left to the application layer that
CR> interfaces to Cassandra and not built into Cassandra.  In the
CR> tutorial snippet included below, the access being granted is at the
CR> codebase level, not the transaction level.  Since users of Cassandra
CR> will generally be fronted by a service layer, the java security
CR> manager isn’t going to suffice.  What this snippet could do, though,
CR> and may be the rationale for the request, is to ensure that
CR> unauthorized users cannot instantiate a new Cassandra server.
CR> However, if a user has physical access to the machine on which
CR> Cassandra is installed, they could easily bypass that layer of
CR> security.

CR> So, I guess I'm wondering whether this discussion pertains to
CR> application-layer security, i.e., permission to execute Thrift
CR> transactions, or Cassandra service security?  Or is it strictly a
CR> utility function, to create a map of users to specific Keyspaces, to
CR> simplify the Thrift API?

(note followups to the devel list)

I mentioned I didn't know JAAS so I appreciate any help you can give.
Specifically, I don't know yet what is the difference between the
codebase level and the transaction level in JAAS terms.  Can you

I am interested in controlling the Thrift client API, not the Gossip
replication service.  The authenticating clients will not have physical
access to the machine and all the authentication tokens will have to be
passed over a Thrift login call. How would you use JAAS+JNDI to control
that?  The access point is as Jonathan mentioned.


View raw message