Subject: RE: Cassandra access control (was: bandwidth limiting Cassandra's replication and access control)
Date: Thu, 12 Nov 2009 08:23:51 -0800
From: "Coe, Robin"

I agree. Getting into LDAP will open a can of worms, especially if the plan is to support Active Directory. There are a lot of RFCs on the subject of LDAP and Active Directory doesn't support them all.

If LDAP is the plan, though, there needs to be support for ssl and tls, at a minimum.

Robin.

-----Original Message-----
From: Jonathan Ellis [mailto:jbellis@gmail.com]
Sent: November 12, 2009 11:11 AM
To: cassandra-user@incubator.apache.org
Subject: Re: Cassandra access control (was: bandwidth limiting Cassandra's replication and access control)

2009/11/12 Ted Zlatanov:
> It sounds like JAAS is a bad idea. I'll use a modular auth system then,
> with two simple implementations (XML file and LDAP) at first. The XML
> file will hold account passwords (one-way hashed) and authorizations.

wouldn't it be simpler to just put the password hash in the keyspace definition?

it's less enterprise but if you need something sophisticated you're probably going to use ldap anyway...