Posted to dev@cassandra.apache.org by Jonathan Ellis <jb...@gmail.com> on 2009/11/11 16:20:52 UTC

Re: bandwidth limiting Cassandra's replication and access control

2009/11/11 Ted Zlatanov <tz...@lifelogs.com>:
> Should we move this to the devel list, BTW?

Moved.

> Is it OK to keep the local auth info as a field in the CassandraServer
> instance

Yes.

> The other JAAS modules don't support that
> (AFAICT they only work on the current user) so we'd only be able to
> authenticate based on NIS or LDAP, or other JNDI providers.  This should
> support at least Active Directory and most Unix shops.

That's fine.  Anyone who needs more is also welcome to submit patches. :)

> We should be able to use anything that extends java.security.Permission
> here; I think you're suggesting a KeyspacePermission but we should also
> have a ClusterPermission.  I think we should allow wildcards in the
> resource name.

If we wildcard keyspace why do we need cluster?

> For now the auth can just be
>
> public void authenticateUser(Map<String, String> credentials, String cluster, String keyspace) throws ???

Again, cluster isn't necessary.  (Any Cassandra server is a member of
exactly one cluster.)

Otherwise, sounds good to me.

-Jonathan
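
An illustration of the wildcard keyspace permission discussed in this thread, added here as an example; it is not code from the original message or from Cassandra. The class name KeyspacePermission is the one proposed above; the trailing-`*` matching rule, the action names "read" and "write", and the keyspace names are assumptions. A grant of "*" covers every keyspace the server holds, so no separate cluster-level permission appears.

```java
import java.security.Permission;
import java.util.*;

// Hypothetical class: the name is the one proposed in the thread; the design is assumed.
public final class KeyspacePermission extends Permission {
    private final Set<String> actions = new TreeSet<>(); // assumed actions: "read", "write"

    public KeyspacePermission(String keyspace, String actionList) {
        super(keyspace); // resource name: an exact keyspace, "Prefix*", or "*"
        for (String a : actionList.split(",")) actions.add(a.trim().toLowerCase());
    }

    // A grant implies a request when its keyspace pattern matches the requested
    // keyspace and it carries every requested action.
    @Override public boolean implies(Permission p) {
        if (!(p instanceof KeyspacePermission)) return false;
        KeyspacePermission req = (KeyspacePermission) p;
        String granted = getName();
        boolean nameOk = granted.endsWith("*")
            ? req.getName().startsWith(granted.substring(0, granted.length() - 1))
            : granted.equals(req.getName());
        return nameOk && actions.containsAll(req.actions);
    }

    @Override public String getActions() { return String.join(",", actions); }
    @Override public boolean equals(Object o) {
        return o instanceof KeyspacePermission
            && getName().equals(((KeyspacePermission) o).getName())
            && actions.equals(((KeyspacePermission) o).actions);
    }
    @Override public int hashCode() { return getName().hashCode() * 31 + actions.hashCode(); }

    // Deny by default: allowed only if some grant implies the request.
    static boolean allowed(List<KeyspacePermission> grants, String keyspace, String action) {
        KeyspacePermission req = new KeyspacePermission(keyspace, action);
        return grants.stream().anyMatch(g -> g.implies(req));
    }

    public static void main(String[] args) {
        // Constructed grants; the keyspace names are made up for the example.
        List<KeyspacePermission> user = Arrays.asList(
            new KeyspacePermission("Keyspace1", "read,write"),
            new KeyspacePermission("Analytics*", "read"));
        List<KeyspacePermission> admin = Arrays.asList(new KeyspacePermission("*", "read,write"));
        System.out.println(allowed(user, "Keyspace1", "write"));   // exact keyspace grant
        System.out.println(allowed(user, "AnalyticsEU", "read"));  // wildcard keyspace grant
        System.out.println(allowed(user, "AnalyticsEU", "write")); // action not granted
        System.out.println(allowed(admin, "system", "write"));     // "*" covers every keyspace
    }
}
```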