[
https://issues.apache.org/jira/browse/CASSANDRA-8068?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jeremiah Jordan reopened CASSANDRA-8068:
----------------------------------------
Assignee: Sam Tunnicliffe (was: Jacek Lewandowski)
[~beobal] there are multiple use cases where this would be beneficial and I
think it would be good to get a change like this in before we ship 3.0. Being
able to restrict login by ip is a very common thing to do in authentication.
Besides that being able to track where login attempts are coming from is
essential for many types of users.
It probably makes the most sense to update the
IAuthenticator::newSaslNegotiator call and add a QueryState/ClientState
parameter to it, and an authenticator can track it that way.
> Allow to create authenticator which is aware of the client connection
> ---------------------------------------------------------------------
>
> Key: CASSANDRA-8068
> URL: https://issues.apache.org/jira/browse/CASSANDRA-8068
> Project: Cassandra
> Issue Type: New Feature
> Components: Core
> Reporter: Jacek Lewandowski
> Assignee: Sam Tunnicliffe
> Priority: Minor
> Labels: security
>
> Currently, the authenticator interface doesn't allow to make a decision
> according to the client connection properties (especially the client host
> name or address).
> The idea is to add the interface which extends the current SASL aware
> authenticator interface with additional method to set the client connection.
> ServerConnection then could supply the connection to the authenticator if the
> authenticator implements that interface.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
