You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cassandra.apache.org by Jonathan Ellis <jb...@gmail.com> on 2009/11/11 16:20:52 UTC
Re: bandwidth limiting Cassandra's replication and access control
2009/11/11 Ted Zlatanov <tz...@lifelogs.com>:
> Should we move this to the devel list, BTW?
Moved.
> Is it OK to keep the local auth info as a field in the CassandraServer
> instance
Yes.
> The other JAAS modules don't support that
> (AFAICT they only work on the current user) so we'd only be able to
> authenticate based on NIS or LDAP, or other JNDI providers. This should
> support at least Active Directory and most Unix shops.
That's fine. Anyone who needs more, is also welcome to submit patches. :)
> We should be able to use anything that extends java.security.Permission
> here; I think you're suggesting a KeyspacePermission but we should also
> have a ClusterPermission. I think we should allow wildcards in the
> resource name.
If we wildcard keyspace why do we need cluster?
> For now the auth can just be
>
> public void authenticateUser(Map<String, String> credentials, String cluster, String keyspace) throws ???
Again, cluster isn't necessary. (Any cassandra server is a member of
exactly one cluster.)
Otherwise, sounds good to me.
-Jonathan