[
https://issues.apache.org/jira/browse/CASSANDRA-9384?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16778536#comment-16778536
]
Dinesh Joshi commented on CASSANDRA-9384:
-----------------------------------------
bq. First of all, there's no such property in the conf or bin files, so it will
most likely leave users confused and some may even think they have to add this
property, in case it isn't set yet.
Right, the {{cassandra.auth_bcrypt_gensalt_log2_rounds}} is not documented
anywhere in Cassandra docs. It is a JVM arg that is passed into the process. My
assumption was that only users who've passed in that property would know about
it :). I am open to rewording it to make it clearer. What do you propose?
bq. Also, what happens to existing hashes with 31 rounds? Upgrading to 0.4 will
make all authentication attempts fail, see my first comment in thread. Changing
the property will not solve this.
So Cassandra will not accept `31` at all. The user must reduce this value
prior to upgrading to this version. We can call this out explicitly in the
notes. WDYT?
> Update jBCrypt dependency to version 0.4
> ----------------------------------------
>
> Key: CASSANDRA-9384
> URL: https://issues.apache.org/jira/browse/CASSANDRA-9384
> Project: Cassandra
> Issue Type: Bug
> Reporter: Sam Tunnicliffe
> Assignee: Dinesh Joshi
> Priority: Major
> Fix For: 2.1.x, 2.2.x, 3.0.x, 3.11.x
>
>
> https://bugzilla.mindrot.org/show_bug.cgi?id=2097
> Although the bug tracker lists it as NEW/OPEN, the release notes for 0.4
> indicate that this is now fixed, so we should update.
> Thanks to [~Bereng] for identifying the issue.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
