You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@cassandra.apache.org by Bao Le <lv...@yahoo.com> on 2013/06/17 23:12:33 UTC
Custom 1.2 Authentication plugin will not work unless user is in system_auth.users column family
Hi,
We have a custom authenticator that works well with Cassandra 1.1.5.
When upgrading to C* 1.2.5, authentication failed. Turn out that in ClientState.login, we make a call to Auth.isExistingUser(user.getName())
if the AuthenticatedUser is not Anonymous user. This isExistingUser method does a query on system_auth.users and if it cannot find the name there, throw an exception.
If our authentication model involves exchanging data on the fly and not relying on pre-created users, how do we bypass this check? Should we
add a method on IAuthenticator to specify whether user look-up is needed or not?
Bao
Re: Custom 1.2 Authentication plugin will not work unless user is
in system_auth.users column family
Posted by Dave Brosius <db...@mebigfatguy.com>.
It seems to me that isExistingUser should be pushed down to the
IAuthenticator implementation.
Perhaps you should add a ticket to
https://issues.apache.org/jira/browse/CASSANDRA
On 06/17/2013 05:12 PM, Bao Le wrote:
> Hi,
>
> We have a custom authenticator that works well with Cassandra 1.1.5.
> When upgrading to C* 1.2.5, authentication failed. Turn out that in
> ClientState.login, we make a call to Auth.isExistingUser(user.getName())
> if the AuthenticatedUser is not Anonymous user. This isExistingUser
> method does a query on system_auth.users and if it cannot find the
> name there, throw an exception.
>
> If our authentication model involves exchanging data on the fly and
> not relying on pre-created users, how do we bypass this check? Should we
> add a method on IAuthenticator to specify whether user look-up is
> needed or not?
>
> Bao
>
>
>