Hi Ted,

Java's policy manager controls access to environment variables and code 
execution.  All a JAAS service provides is a hook to pass a user's principal to 
the security manager.  So, the only authorization you can provide at that level 
is code executed by the Principal.  This doesn't include access via the Thrift 
API, since that code is owned by the user who started the Cassandra service.

Robin.

-----Original Message-----
From: news [mailto:[email protected]] On Behalf Of Ted Zlatanov
Sent: November 11, 2009 4:29 PM
To: [email protected]
Cc: [email protected]
Subject: Re: bandwidth limiting Cassandra's replication and access control

On Wed, 11 Nov 2009 07:40:00 -0800 "Coe, Robin" <[email protected]> wrote: 

CR> Just going to chime in here, because I have experience writing apps
CR> that use JAAS and JNDI to authenticate against LDAP and JDBC
CR> services.  However, I only just started looking at Cassandra this
CR> week, so I'm not certain of the premise behind controlling access to
CR> the Cassandra service.

CR> IMO, auth services should be left to the application layer that
CR> interfaces to Cassandra and not built into Cassandra.  In the
CR> tutorial snippet included below, the access being granted is at the
CR> codebase level, not the transaction level.  Since users of Cassandra
CR> will generally be fronted by a service layer, the java security
CR> manager isn’t going to suffice.  What this snippet could do, though,
CR> and may be the rationale for the request, is to ensure that
CR> unauthorized users cannot instantiate a new Cassandra server.
CR> However, if a user has physical access to the machine on which
CR> Cassandra is installed, they could easily bypass that layer of
CR> security.

CR> So, I guess I'm wondering whether this discussion pertains to
CR> application-layer security, i.e., permission to execute Thrift
CR> transactions, or Cassandra service security?  Or is it strictly a
CR> utility function, to create a map of users to specific Keyspaces, to
CR> simplify the Thrift API?

(note followups to the devel list)

I mentioned I didn't know JAAS so I appreciate any help you can give.
Specifically, I don't know yet what is the difference between the
codebase level and the transaction level in JAAS terms.  Can you
explain?

I am interested in controlling the Thrift client API, not the Gossip
replication service.  The authenticating clients will not have physical
access to the machine and all the authentication tokens will have to be
passed over a Thrift login call. How would you use JAAS+JNDI to control
that?  The access point is CassandraServer.java as Jonathan mentioned.

Ted
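
The codebase-level versus Principal-level distinction discussed in this thread, shown as a Java policy file fragment. This is an added example, not part of any message in the thread and not Cassandra configuration; the paths, the principal class `com.example.auth.UserPrincipal` and the principal name `ted` are hypothetical.

```java
// Java policy file syntax (loaded with -Djava.security.policy=...), not Java source.
// All paths and the principal class below are hypothetical placeholders.

// 1. Codebase-level grant.
//    Applies to any class loaded from this location, no matter which
//    user or remote client caused the code to run.
grant codeBase "file:/opt/example-service/lib/-" {
    // read selected environment variables and system properties
    permission java.lang.RuntimePermission "getenv.EXAMPLE_HOME";
    permission java.util.PropertyPermission "example.*", "read";
    // read the service's own data directory
    permission java.io.FilePermission "/var/lib/example-service/-", "read,write";
};

// 2. Principal-level grant (the JAAS addition).
//    Applies only while code runs inside Subject.doAs(...) or
//    Subject.doAsPrivileged(...) with a Subject that carries this
//    principal, i.e. "code executed by the Principal".
grant principal com.example.auth.UserPrincipal "ted" {
    permission java.io.FilePermission "/srv/example-reports/-", "read";
};

// 3. Both conditions combined: code from this location AND running
//    on behalf of this principal.
grant codeBase "file:/opt/example-service/lib/-",
      principal com.example.auth.UserPrincipal "ted" {
    permission java.util.PropertyPermission "example.admin.*", "read,write";
};

// What is absent: no entry form is keyed on the caller of a network
// request. A request handler inside a running server is checked against
// the grants for the server's own codebase (form 1), so deciding which
// remote user may touch which data needs an explicit check in the
// service or application layer.
```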
