cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ted Zlatanov <>
Subject Cassandra access control (was: bandwidth limiting Cassandra's replication and access control)
Date Thu, 12 Nov 2009 14:47:29 GMT
On Wed, 11 Nov 2009 16:14:09 -0800 Anthony Molinaro <> wrote:

AM> How will authentication work with non-java clients?  I don't think thrift
AM> itself has authentication built in, and it sounds like a java library is
AM> being proposed for the guts.  Will it still be possible to connect from
AM> a non-java client or will the thrift interface be deprecated?

The client will login with a Map<String,String> of login tokens and get
an auth token (probably a String containing a UUID) back.  The token
will be valid for the duration of the client connection and will grant
access to a single keyspace.  Effectively, the token replaces the old
Keyspace argument in all Thrift API calls.

I am thinking of allowing dual operation where if you pass a keyspace
name without login, it works on servers that don't have authentication
enabled.  If the keyspace name is really an auth token (say,
"auth@UUID-GOES-HERE") then we look up that auth token and proceed
accordingly.  So the old Thrift clients will work with new Cassandra
servers as long as authentication is disabled.


View raw message