incubator-cassandra-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jonathan Ellis <jbel...@gmail.com>
Subject Re: bandwidth limiting Cassandra's replication and access control
Date Wed, 11 Nov 2009 15:20:52 GMT
2009/11/11 Ted Zlatanov <tzz@lifelogs.com>:
> Should we move this to the devel list, BTW?

Moved.

> Is it OK to keep the local auth info as a field in the CassandraServer
> instance

Yes.

> The other JAAS modules don't support that
> (AFAICT they only work on the current user) so we'd only be able to
> authenticate based on NIS or LDAP, or other JNDI providers.  This should
> support at least Active Directory and most Unix shops.

That's fine.  Anyone who needs more, is also welcome to submit patches. :)

> We should be able to use anything that extends java.security.Permission
> here; I think you're suggesting a KeyspacePermission but we should also
> have a ClusterPermission.  I think we should allow wildcards in the
> resource name.

If we wildcard keyspace why do we need cluster?

> For now the auth can just be
>
> public void authenticateUser(Map<String, String> credentials, String cluster, String
keyspace) throws ???

Again, cluster isn't necessary.  (Any cassandra server is a member of
exactly one cluster.)

Otherwise, sounds good to me.

-Jonathan

Mime
View raw message