You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@cassandra.apache.org by Bao Le <lv...@yahoo.com> on 2013/06/17 23:12:33 UTC

Custom 1.2 Authentication plugin will not work unless user is in system_auth.users column family

Hi,
 
  We have a custom  authenticator that works well with Cassandra 1.1.5.
When upgrading to C* 1.2.5, authentication failed. Turn out that in ClientState.login, we make a call to Auth.isExistingUser(user.getName())
if the AuthenticatedUser is not Anonymous user. This isExistingUser method does a query on system_auth.users and if it cannot find the name there, throw an exception.

  If our authentication model involves exchanging data on the fly and not relying on pre-created users, how do we bypass this check? Should we 
add a method on IAuthenticator to specify whether user look-up is needed or not?

Bao

Re: Custom 1.2 Authentication plugin will not work unless user is in system_auth.users column family

Posted by Dave Brosius <db...@mebigfatguy.com>.

It seems to me that isExistingUser should be pushed down to the 
IAuthenticator implementation.

Perhaps you should add a ticket to 
https://issues.apache.org/jira/browse/CASSANDRA

On 06/17/2013 05:12 PM, Bao Le wrote:
> Hi,
>
>   We have a custom  authenticator that works well with Cassandra 1.1.5.
> When upgrading to C* 1.2.5, authentication failed. Turn out that in 
> ClientState.login, we make a call to Auth.isExistingUser(user.getName())
> if the AuthenticatedUser is not Anonymous user. This isExistingUser 
> method does a query on system_auth.users and if it cannot find the 
> name there, throw an exception.
>
>   If our authentication model involves exchanging data on the fly and 
> not relying on pre-created users, how do we bypass this check? Should we
> add a method on IAuthenticator to specify whether user look-up is 
> needed or not?
>
> Bao
>
>
>