cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Coe, Robin" <robin....@bluecoat.com>
Subject RE: Cassandra access control (was: bandwidth limiting Cassandra's replication and access control)
Date Thu, 12 Nov 2009 16:23:51 GMT
I agree.  Getting into LDAP will open a can of worms, especially if the plan is to support
Active Directory.  There are a lot of RFCs on the subject of LDAP and Active Directory doesn't
support them all.

If LDAP is the plan, though, there needs to be support for ssl and tls, at a minimum.

Robin.

-----Original Message-----
From: Jonathan Ellis [mailto:jbellis@gmail.com] 
Sent: November 12, 2009 11:11 AM
To: cassandra-user@incubator.apache.org
Subject: Re: Cassandra access control (was: bandwidth limiting Cassandra's replication and
access control)

2009/11/12 Ted Zlatanov <tzz@lifelogs.com>:
> It sounds like JAAS is a bad idea.  I'll use a modular auth system then,
> with two simple implementations (XML file and LDAP) at first.  The XML
> file will hold account passwords (one-way hashed) and authorizations.

wouldn't it be simpler to just put the password hash in the keyspace definition?

it's less enterprise but if you need something sophisticated you're
probably going to use ldap anyway...

Mime
View raw message