Posted to commits@cassandra.apache.org by "Aleksey Yeschenko (JIRA)" <ji...@apache.org> on 2013/01/31 20:01:13 UTC

[jira] [Created] (CASSANDRA-5208) cli shouldn't set default username and password

Aleksey Yeschenko created CASSANDRA-5208:
--------------------------------------------

             Summary: cli shouldn't set default username and password
                 Key: CASSANDRA-5208
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-5208
             Project: Cassandra
          Issue Type: Bug
          Components: Tools
    Affects Versions: 1.2.1
            Reporter: Aleksey Yeschenko
            Assignee: Aleksey Yeschenko
            Priority: Minor
             Fix For: 1.2.2
         Attachments: 5208.txt

Currently cli sets default username and password if none are set (in CliOptions.processArgs). Because of this cli will always authenticate, whether or not this was the intent of the user and CliMain.connect() "if ((sessionState.username != null) && (sessionState.password != null))" condition will always be true.

This breaks authentication in at least two scenarios:
1. Authenticator allows anonymous access and a user wants to log in anonymously - instead he will get AuthenticationException because user "default" will most likely not exist.
2. Authenticator doesn't use username/password pairs for login but something like Kerberos instead. Thrift's login with u:default, p:"" will still be called and AuthenticationException will be thrown, again.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
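
A simplified model of the behaviour reported above, added here as an illustration; it is not Cassandra's code and not the attached patch. The class, the constructed user table and the fillDefaults switch are hypothetical, and only the null-check guard in connect() is taken from the report.

```java
import java.util.Map;

// Hypothetical model of the flow described in CASSANDRA-5208 (not project code).
public class DefaultCredentialsDemo {
    static class AuthenticationException extends Exception {
        AuthenticationException(String msg) { super(msg); }
    }

    // Constructed authenticator: a session that never calls login() is anonymous,
    // but any login() call must match a known user.
    static final Map<String, String> USERS = Map.of("alice", "s3cret");

    static void login(String user, String pass) throws AuthenticationException {
        if (!pass.equals(USERS.get(user)))
            throw new AuthenticationException("login failed for user '" + user + "'");
    }

    // Stand-in for argument processing. fillDefaults=true models the reported
    // behaviour (user "default", empty password); false leaves unset values null,
    // which is what the issue title asks for.
    static String[] processArgs(String user, String pass, boolean fillDefaults) {
        if (fillDefaults) {
            if (user == null) user = "default";
            if (pass == null) pass = "";
        }
        return new String[] { user, pass };
    }

    // Uses the same guard as the condition quoted in the report.
    static String connect(String[] creds) {
        try {
            if ((creds[0] != null) && (creds[1] != null)) {
                login(creds[0], creds[1]);
                return "authenticated as " + creds[0];
            }
            return "anonymous session (login never called)";
        } catch (AuthenticationException e) {
            return "AuthenticationException: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // No credentials supplied, defaults filled in: the guard is always true.
        System.out.println(connect(processArgs(null, null, true)));
        // No credentials supplied, nothing filled in: login is skipped.
        System.out.println(connect(processArgs(null, null, false)));
        // Explicit credentials still authenticate as before.
        System.out.println(connect(processArgs("alice", "s3cret", false)));
    }
}
```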