cassandra-user mailing list archives

From Jonathan Ellis <jbel...@gmail.com>
Subject Re: Cassandra access control (was: bandwidth limiting Cassandra's replication and access control)
Date Thu, 12 Nov 2009 15:12:56 GMT
2009/11/12 Ted Zlatanov <tzz@lifelogs.com>:
> On Wed, 11 Nov 2009 16:14:09 -0800 Anthony Molinaro <anthonym@alumni.caltech.edu> wrote:
>
> AM> How will authentication work with non-java clients?  I don't think thrift
> AM> itself has authentication built in, and it sounds like a java library is
> AM> being proposed for the guts.  Will it still be possible to connect from
> AM> a non-java client or will the thrift interface be deprecated?
>
> The client will login with a Map<String,String> of login tokens and get
> an auth token (probably a String containing a UUID) back.  The token
> will be valid for the duration of the client connection and will grant
> access to a single keyspace.  Effectively, the token replaces the old
> Keyspace argument in all Thrift API calls.

I'd really prefer to just keep that around in a threadlocal.  There's
no reason for a client to continue passing a token w/ each call that
the server already knows.

> I am thinking of allowing dual operation where if you pass a keyspace
> name without login, it works on servers that don't have authentication
> enabled.

The default should definitely be, "don't break people who don't need
the new feature more than necessary."  So the default should be
"accept any client to any keyspace."

-Jonathan
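
A sketch of the server-side alternative discussed in this thread, added here as an illustration and not code from the message or from Cassandra: the login result is kept in a per-thread slot instead of being returned as a token, and the default authenticator accepts any client to any keyspace. All class and method names are hypothetical, and it assumes one worker thread per client connection.

```java
import java.util.Map;

// Added illustration; every name here is hypothetical, not Cassandra's API.
public class ConnectionAuthSketch {
    /** Pluggable check: may these login tokens use this keyspace? */
    interface Authenticator {
        boolean login(String keyspace, Map<String, String> credentials);
    }

    /** Default: accept any client to any keyspace, so existing setups keep working. */
    static final Authenticator ALLOW_ALL = (keyspace, credentials) -> true;

    /** Assumes one worker thread per client connection, so this is per-connection state. */
    private static final ThreadLocal<String> AUTHORIZED = new ThreadLocal<>();

    private final Authenticator authenticator;

    ConnectionAuthSketch(Authenticator authenticator) { this.authenticator = authenticator; }

    /** Called once per connection; nothing is handed back for the client to resend. */
    void login(String keyspace, Map<String, String> credentials) {
        if (!authenticator.login(keyspace, credentials))
            throw new SecurityException("login refused for keyspace " + keyspace);
        AUTHORIZED.set(keyspace);
    }

    /** Data calls check the server-side slot, not a client-supplied token. */
    String get(String keyspace, String key) {
        if (authenticator != ALLOW_ALL && !keyspace.equals(AUTHORIZED.get()))
            throw new SecurityException("connection not logged in to " + keyspace);
        return keyspace + "/" + key; // stand-in for the real read
    }

    /** Run on connection close, or a pooled thread carries the login to its next client. */
    void onDisconnect() { AUTHORIZED.remove(); }

    public static void main(String[] args) {
        // Constructed credential check and values for the demo.
        Authenticator demo = (ks, creds) -> "example-pw".equals(creds.get("password"));
        ConnectionAuthSketch open = new ConnectionAuthSketch(ALLOW_ALL);
        System.out.println(open.get("Keyspace1", "k")); // works without login
        ConnectionAuthSketch locked = new ConnectionAuthSketch(demo);
        locked.login("Keyspace1", Map.of("password", "example-pw"));
        System.out.println(locked.get("Keyspace1", "k"));
        locked.onDisconnect();
        try { locked.get("Keyspace1", "k"); }
        catch (SecurityException e) { System.out.println("after close: " + e.getMessage()); }
    }
}
```

The thread-local slot is only equivalent to a per-connection token while one thread serves exactly one connection; with pooled or event-driven I/O the state has to be attached to the connection object instead.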
