Return-Path: 
 <user-return-34646-apmail-cassandra-user-archive=cassandra.apache.org@cassandra.apache.org>
X-Original-To: apmail-cassandra-user-archive@www.apache.org
Delivered-To: apmail-cassandra-user-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 2AA9E10E4C
	for <apmail-cassandra-user-archive@www.apache.org>;
 Mon, 17 Jun 2013 22:31:17 +0000 (UTC)
Received: (qmail 92569 invoked by uid 500); 17 Jun 2013 22:31:14 -0000
Delivered-To: apmail-cassandra-user-archive@cassandra.apache.org
Received: (qmail 92548 invoked by uid 500); 17 Jun 2013 22:31:14 -0000
Mailing-List: contact user-help@cassandra.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@cassandra.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@cassandra.apache.org>
List-Post: <mailto:user@cassandra.apache.org>
List-Id: <user.cassandra.apache.org>
Reply-To: user@cassandra.apache.org
Delivered-To: mailing list user@cassandra.apache.org
Received: (qmail 92538 invoked by uid 99); 17 Jun 2013 22:31:14 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 17 Jun 2013 22:31:14 +0000
X-ASF-Spam-Status: No, hits=2.2 required=5.0
	tests=HTML_MESSAGE,RCVD_IN_DNSWL_NONE
X-Spam-Check-By: apache.org
Received-SPF: error (athena.apache.org: local policy)
Received: from [72.35.23.37] (HELO smtp-out2.electric.net) (72.35.23.37)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 17 Jun 2013 22:31:09 +0000
Received: from 1UohwR-0004Q5-UC by worden.electric.net with emc1-ok (Exim
 4.77)
	(envelope-from <dbrosius@mebigfatguy.com>)
	id 1UohwR-0004QM-Vd
	for user@cassandra.apache.org; Mon, 17 Jun 2013 15:30:27 -0700
Received: by emcmailer; Mon, 17 Jun 2013 15:30:27 -0700
Received: from [10.86.10.83] (helo=fuseout2c)
	by worden.electric.net with esmtps (TLSv1:AES256-SHA:256)
	(Exim 4.77)
	(envelope-from <dbrosius@mebigfatguy.com>)
	id 1UohwR-0004Q5-UC
	for user@cassandra.apache.org; Mon, 17 Jun 2013 15:30:27 -0700
Received: from mailanyone.net
	by fuseout2c with esmtpsa (TLSv1:CAMELLIA256-SHA:256)
	(MailAnyone extSMTP dbrosius@baybroadband.net)
	id 1UohwL-0005Qt-Ai
	for user@cassandra.apache.org; Mon, 17 Jun 2013 15:30:27 -0700
Message-ID: <51BF8DDF.6020604@mebigfatguy.com>
Date: Mon, 17 Jun 2013 18:29:51 -0400
From: Dave Brosius <dbrosius@mebigfatguy.com>
User-Agent: Mozilla/5.0 (X11; Linux i686;
 rv:17.0) Gecko/20130329 Thunderbird/17.0.5
MIME-Version: 1.0
To: user@cassandra.apache.org
Subject: Re: Custom 1.2 Authentication plugin will not work unless user is
 in system_auth.users column family
References: <1371503553.41477.YahooMailNeo@web142802.mail.bf1.yahoo.com>
In-Reply-To: <1371503553.41477.YahooMailNeo@web142802.mail.bf1.yahoo.com>
Content-Type: multipart/alternative;
 boundary="------------040201030604020604050901"
X-Outbound-IP: 10.86.10.83
X-Env-From: dbrosius@mebigfatguy.com
X-Virus-Checked: Checked by ClamAV on apache.org

This is a multi-part message in MIME format.
--------------040201030604020604050901
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

It seems to me that isExistingUser should be pushed down to the 
IAuthenticator implementation.

Perhaps you should add a ticket to 
https://issues.apache.org/jira/browse/CASSANDRA

On 06/17/2013 05:12 PM, Bao Le wrote:
> Hi,
>
>   We have a custom  authenticator that works well with Cassandra 1.1.5.
> When upgrading to C* 1.2.5, authentication failed. Turn out that in 
> ClientState.login, we make a call to Auth.isExistingUser(user.getName())
> if the AuthenticatedUser is not Anonymous user. This isExistingUser 
> method does a query on system_auth.users and if it cannot find the 
> name there, throw an exception.
>
>   If our authentication model involves exchanging data on the fly and 
> not relying on pre-created users, how do we bypass this check? Should we
> add a method on IAuthenticator to specify whether user look-up is 
> needed or not?
>
> Bao
>
>
>


--------------040201030604020604050901
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">It seems to me that isExistingUser
      should be pushed down to the IAuthenticator implementation.<br>
      <br>
      Perhaps you should add a ticket to
      <meta http-equiv="content-type" content="text/html;
        charset=ISO-8859-1">
      <a href="https://issues.apache.org/jira/browse/CASSANDRA">https://issues.apache.org/jira/browse/CASSANDRA</a><br>
      <br>
      On 06/17/2013 05:12 PM, Bao Le wrote:<br>
    </div>
    <blockquote
      cite="mid:1371503553.41477.YahooMailNeo@web142802.mail.bf1.yahoo.com"
      type="cite">
      <div style="color:#000; background-color:#fff; font-family:times
        new roman, new york, times, serif;font-size:12pt">Hi,<br>
        &nbsp;<br>
        &nbsp; We have a custom&nbsp; authenticator that works well with Cassandra
        1.1.5.<br>
        When upgrading to C* 1.2.5, authentication failed. Turn out that
        in ClientState.login, we make a call to
        Auth.isExistingUser(user.getName())<br>
        if the AuthenticatedUser is not Anonymous user. This
        isExistingUser method does a query on system_auth.users and if
        it cannot find the name there, throw an exception.<br>
        <br>
        &nbsp; If our authentication model involves exchanging data on the
        fly and not relying on pre-created users, how do we bypass this
        check? Should we <br>
        add a method on IAuthenticator to specify whether user look-up
        is needed or not?<br>
        <br>
        Bao <br>
        <br>
        <br>
        <div><br>
        </div>
      </div>
    </blockquote>
    <br>
  </body>
</html>

--------------040201030604020604050901--