[ 
https://issues.apache.org/jira/browse/CASSANDRA-16456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17418173#comment-17418173
 ] 

Dinesh Joshi commented on CASSANDRA-16456:
------------------------------------------

This is a good initiative. I'm +1 on extending the auth providers that cqlsh 
supports. I wanted to add a couple of thoughts -

1. CQLSH also supports certificate-based authentication by providing client 
certificates in cqlshrc. 
https://github.com/apache/cassandra/blob/trunk/conf/cqlshrc.sample#L109 This 
can be used to implement "mutual TLS" authentication. With short-lived 
certificates this can be a great way to authenticate clients.

2. We may need to also extend the CQL protocol. We can extend the current SASL 
implementation that can negotiate various authentication mechanisms. This was 
discussed in https://issues.apache.org/jira/browse/CASSANDRA-11471. Check it out 
and let's see if there is a good approach to achieve your goal.

[~samt] WDYT?

> Add Plugin Support for CQLSH
> ----------------------------
>
>                 Key: CASSANDRA-16456
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16456
>             Project: Cassandra
>          Issue Type: New Feature
>          Components: Tool/cqlsh
>            Reporter: Brian Houser
>            Priority: Normal
>              Labels: gsoc2021, mentor
>
> Currently the Cassandra drivers offer a plugin authenticator architecture for 
> the support of different authentication methods. This has been leveraged to 
> provide support for LDAP, Kerberos, and Sigv4 authentication. Unfortunately, 
> cqlsh, the included CLI tool, does not offer such support. Switching to a new 
> enhanced authentication scheme thus means being cut off from using cqlsh in 
> normal operation.
> We should have a means of using the same plugins and authentication providers 
> as the Python Cassandra driver.
> Here's a link to an initial draft of 
> [CEP|https://docs.google.com/document/d/1_G-OZCAEmDyuQuAN2wQUYUtZBEJpMkHWnkYELLhqvKc/edit?usp=sharing].



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
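
Added example, not part of the original comment or of Cassandra's own code: a small Python check of the `[ssl]` section of a cqlshrc for the client-certificate ("mutual TLS") setup mentioned in point 1. The key names `certfile`, `validate`, `userkey` and `usercert` follow cqlshrc.sample; the function name, file paths and both sample configs are constructed for illustration.

```python
import configparser

# Keys cqlshrc.sample lists under [ssl]; userkey/usercert are the client side of mTLS.
REQUIRED_FOR_MTLS = ("certfile", "userkey", "usercert")

# Constructed sample configs (paths are placeholders).
GOOD = """
[ssl]
certfile = ~/keys/ca.pem
validate = true
userkey = ~/keys/client.key
usercert = ~/keys/client.pem
"""

WEAK = """
[ssl]
certfile = ~/keys/ca.pem
validate = false
; usercert = ~/keys/client.pem
userkey = ~/keys/client.key
"""


def audit_cqlshrc(text):
    """Return a list of findings about the [ssl] section of a cqlshrc."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    if not cfg.has_section("ssl"):
        return ["no [ssl] section: no client certificate is configured"]
    ssl = cfg["ssl"]
    findings = []
    for key in REQUIRED_FOR_MTLS:
        # A commented-out or empty key means cqlsh has nothing to load for it.
        if not ssl.get(key, "").strip():
            findings.append(f"[ssl] {key} is not set")
    # validate defaults to true; "false" disables server certificate checks,
    # which leaves the client end of the mutual-TLS handshake unauthenticated.
    if ssl.get("validate", "true").strip().lower() == "false":
        findings.append("[ssl] validate = false: server certificate is not verified")
    return findings


if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_cqlshrc(text))
```

The check covers only the `[ssl]` section; whether cqlsh is actually started with TLS enabled, and the permissions on the private key file, are outside it.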
