[
https://issues.apache.org/jira/browse/CASSANDRA-19385?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Francisco Guerrero updated CASSANDRA-19385:
-------------------------------------------
Reviewers: Francisco Guerrero, Francisco Guerrero
Francisco Guerrero, Francisco Guerrero (was: Francisco Guerrero)
Status: Review In Progress (was: Patch Available)
> ALTER ROLE WITH LOGIN=FALSE and REVOKE ROLE do not disconnect existing users
> ----------------------------------------------------------------------------
>
> Key: CASSANDRA-19385
> URL: https://issues.apache.org/jira/browse/CASSANDRA-19385
> Project: Apache Cassandra
> Issue Type: Bug
> Components: Messaging/Client
> Reporter: Abe Ratnofsky
> Assignee: Abe Ratnofsky
> Priority: Normal
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Currently, if users want to block a role from connecting to Cassandra, ALTER
> ROLE WITH LOGIN=FALSE and REVOKE ROLE seem like the sensible options. But
> these commands do not disconnect existing connections authenticated with the
> given role, and these connections will stay alive until they're disconnected
> for another reason. Subsequent attempts to connect with that role will fail.
> There is currently no way to disconnect all connections for a given user
> either. nodetool disablebinary will disconnect all client connections for a
> given node, and client sessions can be shut down. But in the case of a
> credential leak or a misconfigured user, it can be desirable to prevent login
> for a given role and disconnect all existing connections for that role.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
