cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aleksey Yeschenko (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (CASSANDRA-5651) Custom authentication plugin should not need to prepopulate users in system_auth.users column family
Date Tue, 18 Jun 2013 13:13:22 GMT

     [ https://issues.apache.org/jira/browse/CASSANDRA-5651?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Aleksey Yeschenko resolved CASSANDRA-5651.
------------------------------------------

    Resolution: Not A Problem

It's also worth noting that Oracle, MySQL and PostgreSQL all require registering users internally
via CREATE USER .. IDENTIFIED EXTERNALLY (Oracle and MySQL) and CREATE ROLE (PostgreSQL) for
pluggable authenticators, and it's not optional.
                
> Custom authentication plugin should not need to prepopulate users in system_auth.users
column family
> ----------------------------------------------------------------------------------------------------
>
>                 Key: CASSANDRA-5651
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-5651
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Core
>    Affects Versions: 1.2.5
>         Environment: RHEL 6.3, jdk 1.7
>            Reporter: Bao Le
>
> Current implementation in ClientState.login makes a call to Auth.isExistingUser(user.getName())
if the AuthenticatedUser is not Anonymous. This involves querying system_auth.users column
family.
> Our custom authentication plugin does not need to pre-create and store users, and it
worked fine under 1.1.5. On 1.2.5, however, we run into authentication problem because of
this.
> I feel we  should either do this isExistingUser check inside IAuthenticator.authenticate,
or expose another boolean method similar to IAuthenticator.requireAuthentication() so that
custom authentication plugin can skip this isExistingUser check if needed. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message