I agree. Getting into LDAP will open a can of worms, especially if the plan is to support Active Directory. There are a lot of RFCs on the subject of LDAP and Active Directory doesn't support them all.
If LDAP is the plan, though, there needs to be support for ssl and tls, at a minimum. Robin. -----Original Message----- From: Jonathan Ellis [mailto:[email protected]] Sent: November 12, 2009 11:11 AM To: [email protected] Subject: Re: Cassandra access control (was: bandwidth limiting Cassandra's replication and access control) 2009/11/12 Ted Zlatanov <[email protected]>: > It sounds like JAAS is a bad idea. I'll use a modular auth system then, > with two simple implementations (XML file and LDAP) at first. The XML > file will hold account passwords (one-way hashed) and authorizations. wouldn't it be simpler to just put the password hash in the keyspace definition? it's less enterprise but if you need something sophisticated you're probably going to use ldap anyway...
