cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jonathan Ellis <>
Subject Re: Cassandra access control (was: bandwidth limiting Cassandra's replication and access control)
Date Thu, 12 Nov 2009 15:12:56 GMT
2009/11/12 Ted Zlatanov <>:
> On Wed, 11 Nov 2009 16:14:09 -0800 Anthony Molinaro <>
> AM> How will authentication work with non-java clients?  I don't think thrift
> AM> itself has authentication built in, and it sounds like a java library is
> AM> being proposed for the guts.  Will it still be possible to connect from
> AM> a non-java client or will the thrift interface be deprecated?
> The client will login with a Map<String,String> of login tokens and get
> an auth token (probably a String containing a UUID) back.  The token
> will be valid for the duration of the client connection and will grant
> access to a single keyspace.  Effectively, the token replaces the old
> Keyspace argument in all Thrift API calls.

I'd really prefer to just keep that around in a threadlocal.  There's
no reason for a client to continue passing a token w/ each call that
the server already knows.

> I am thinking of allowing dual operation where if you pass a keyspace
> name without login, it works on servers that don't have authentication
> enabled.

The default should definitely be, "don't break people who don't need
the new feature more than necessary."  So the default should be
"accept any client to any keyspace."


View raw message