incubator-cassandra-user mailing list archives

From Ted Zlatanov <...@lifelogs.com>
Subject Cassandra access control (was: bandwidth limiting Cassandra's replication and access control)
Date Thu, 12 Nov 2009 14:47:29 GMT
On Wed, 11 Nov 2009 16:14:09 -0800 Anthony Molinaro <anthonym@alumni.caltech.edu> wrote:


AM> How will authentication work with non-java clients?  I don't think thrift
AM> itself has authentication built in, and it sounds like a java library is
AM> being proposed for the guts.  Will it still be possible to connect from
AM> a non-java client or will the thrift interface be deprecated?

The client will log in with a Map<String,String> of login tokens and get
an auth token (probably a String containing a UUID) back.  The token
will be valid for the duration of the client connection and will grant
access to a single keyspace.  Effectively, the token replaces the old
Keyspace argument in all Thrift API calls.

I am thinking of allowing dual operation where if you pass a keyspace
name without login, it works on servers that don't have authentication
enabled.  If the keyspace name is really an auth token (say,
"auth@UUID-GOES-HERE") then we look up that auth token and proceed
accordingly.  So the old Thrift clients will work with new Cassandra
servers as long as authentication is disabled.

Ted
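
The dual-mode Keyspace argument proposed in the message above, as an added sketch that is not code from the post or from Cassandra. `Connection`, `login`, `resolve_keyspace` and the credential table are hypothetical names, and rejecting bare keyspace names when authentication is enabled is an assumption read from the message's last sentence.

```python
import hmac
import uuid

AUTH_PREFIX = "auth@"  # marker from the message: "auth@UUID-GOES-HERE"
# Constructed sample data (hypothetical store): (user, password) -> keyspace
SAMPLE_CREDENTIALS = {("alice", "s3cret"): "Keyspace1"}


class Connection:
    """Server-side state for one client connection (hypothetical class)."""

    def __init__(self, auth_enabled, credentials=None):
        self.auth_enabled = auth_enabled
        self.credentials = credentials or {}
        self.token = None      # valid only for the life of this connection
        self.keyspace = None   # the single keyspace the token grants

    def login(self, login_tokens):
        """Exchange a map of login tokens for an auth token string."""
        key = (login_tokens.get("user"), login_tokens.get("password"))
        keyspace = self.credentials.get(key)
        if keyspace is None:
            raise PermissionError("login failed")
        self.token = AUTH_PREFIX + str(uuid.uuid4())
        self.keyspace = keyspace
        return self.token

    def resolve_keyspace(self, keyspace_arg):
        """Map the Keyspace argument of an API call to a real keyspace."""
        if keyspace_arg.startswith(AUTH_PREFIX):
            # Token path: accept only the token issued on this connection.
            # Note that a keyspace literally named "auth@..." is unreachable.
            if self.token and hmac.compare_digest(
                keyspace_arg.encode(), self.token.encode()
            ):
                return self.keyspace
            raise PermissionError("unknown or expired auth token")
        if self.auth_enabled:
            # Fail closed: a bare keyspace name must not bypass login.
            raise PermissionError("authentication required")
        return keyspace_arg  # old client, authentication disabled

    def close(self):
        """Dropping the connection invalidates its token."""
        self.token = None
        self.keyspace = None
```
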

