[
https://issues.apache.org/jira/browse/CASSANDRA-19385?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Abe Ratnofsky reassigned CASSANDRA-19385:
-----------------------------------------
Assignee: Abe Ratnofsky
> ALTER ROLE WITH LOGIN=FALSE and REVOKE ROLE do not disconnect existing users
> ----------------------------------------------------------------------------
>
> Key: CASSANDRA-19385
> URL: https://issues.apache.org/jira/browse/CASSANDRA-19385
> Project: Cassandra
> Issue Type: Bug
> Components: Messaging/Client
> Reporter: Abe Ratnofsky
> Assignee: Abe Ratnofsky
> Priority: Normal
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Currently, if users want to block a role from connecting to Cassandra, ALTER
> ROLE WITH LOGIN=FALSE and REVOKE ROLE seem like the sensible options. But
> these commands do not disconnect existing connections authenticated with the
> given role, and these connections will stay alive until they're disconnected
> for another reason. Subsequent attempts to connect with that role will fail.
> There is currently no way to disconnect all connections for a given user
> either. nodetool disablebinary will disconnect all client connections for a
> given node, and client sessions can be shut down. But in the case of a
> credential leak or a misconfigured user, it can be desirable to prevent login
> for a given role and disconnect all existing connections for that role.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
