You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Aleksey Yeschenko (JIRA)" <ji...@apache.org> on 2013/01/31 20:01:13 UTC
[jira] [Created] (CASSANDRA-5208) cli shouldn't set default
username and password
Aleksey Yeschenko created CASSANDRA-5208:
--------------------------------------------
Summary: cli shouldn't set default username and password
Key: CASSANDRA-5208
URL: https://issues.apache.org/jira/browse/CASSANDRA-5208
Project: Cassandra
Issue Type: Bug
Components: Tools
Affects Versions: 1.2.1
Reporter: Aleksey Yeschenko
Assignee: Aleksey Yeschenko
Priority: Minor
Fix For: 1.2.2
Attachments: 5208.txt
Currently cli sets default username and password if none are set (in CliOptions.processArgs). Because of this cli will always authenticate, whether or not this was the intent of the user and CliMain.connect() "if ((sessionState.username != null) && (sessionState.password != null))" condition will always be true.
This breaks authentication in at least two scenarios:
1. Authenticator allows anonymous access and a user wants to login anonymously - instead he will get AuthenticationException because user "default" will most likely not exist.
2. Authenticator doesn't user username/password pairs for login but something like Kerberos instead. Thrift's login with u:default, p:"" will still be called and AuthenticationException will be thrown, again.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira