incubator-cassandra-user mailing list archives

From Joseph Bowman <bowman.jos...@gmail.com>
Subject Re: Cassandra access control (was: bandwidth limiting Cassandra's replication and access control)
Date Thu, 12 Nov 2009 17:58:09 GMT
As an ops guy, want to +1 the ssl and tls requirements for LDAP, especially
to a domain controller, if you want to see adoption of this in enterprise
Windows domains. We won't let anything connect, even read-only, to our
domain with LDAP; we only allow LDAPS. And this is pretty much standard.

On Thu, Nov 12, 2009 at 11:23 AM, Coe, Robin <robin.coe@bluecoat.com> wrote:

> I agree.  Getting into LDAP will open a can of worms, especially if the
> plan is to support Active Directory.  There are a lot of RFCs on the subject
> of LDAP and Active Directory doesn't support them all.
>
> If LDAP is the plan, though, there needs to be support for ssl and tls, at
> a minimum.
>
> Robin.
>
> -----Original Message-----
> From: Jonathan Ellis [mailto:jbellis@gmail.com]
> Sent: November 12, 2009 11:11 AM
> To: cassandra-user@incubator.apache.org
> Subject: Re: Cassandra access control (was: bandwidth limiting Cassandra's
> replication and access control)
>
> 2009/11/12 Ted Zlatanov <tzz@lifelogs.com>:
> > It sounds like JAAS is a bad idea.  I'll use a modular auth system then,
> > with two simple implementations (XML file and LDAP) at first.  The XML
> > file will hold account passwords (one-way hashed) and authorizations.
>
> wouldn't it be simpler to just put the password hash in the keyspace
> definition?
>
> it's less enterprise but if you need something sophisticated you're
> probably going to use ldap anyway...
>
