You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cassandra.apache.org by "Sam Tunnicliffe (JIRA)" <ji...@apache.org> on 2013/05/07 13:09:15 UTC

[jira] [Updated] (CASSANDRA-5545) Add SASL authentication to CQL native protocol

     [ https://issues.apache.org/jira/browse/CASSANDRA-5545?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sam Tunnicliffe updated CASSANDRA-5545:
---------------------------------------

    Attachment: 0001-Add-SASL-authentication-to-CQL-native-protocol.patch

The attached patch adds new message types for SASL negotiation between CQL client & server. In this patch, SaslAuthBridge represents the interface between SASL & IAuthencator, while
the helper class org.apache.cassandra.transport.sasl.Sasl acts as a registry of which SaslAuthBridge implementation goes with which IAuthenticator. PasswordAuthenticator, and any other custom IAuthenticator implementation which receives a username/password pair via Credentials message or thrift login() call, can be associated with PlainTextSaslAuthBridge. This is done automatically for PasswordAuthenticator, so there should be no server side changes for clusters without custom authentication.

Implementors of custom authenticators which do not receive credentials in the same way & format as PasswordAuthenticator will need to provide their own SaslAuthBridge to extract the credentials from a SaslServer instance. Depending on the format required by the IAuthenticaor, this may involve creating or wrapping a SaslServer implementation. See AbstractSaslServer/AbstractSaslAuthBridge & the PlainText* implementations for an example.
                
> Add SASL authentication to CQL native protocol
> ----------------------------------------------
>
>                 Key: CASSANDRA-5545
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-5545
>             Project: Cassandra
>          Issue Type: Improvement
>            Reporter: Sam Tunnicliffe
>             Fix For: 2.0
>
>         Attachments: 0001-Add-SASL-authentication-to-CQL-native-protocol.patch
>
>
> Adding hooks for SASL authentication would make it much easier to integrate with external auth providers, such as Kerberos & NTLM.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira