Aleksey Yeschenko created CASSANDRA-5208:
--------------------------------------------
Summary: cli shouldn't set default username and password
Key: CASSANDRA-5208
URL: https://issues.apache.org/jira/browse/CASSANDRA-5208
Project: Cassandra
Issue Type: Bug
Components: Tools
Affects Versions: 1.2.1
Reporter: Aleksey Yeschenko
Assignee: Aleksey Yeschenko
Priority: Minor
Fix For: 1.2.2
Attachments: 5208.txt
Currently cli sets default username and password if none are set (in
CliOptions.processArgs). Because of this cli will always authenticate, whether
or not this was the intent of the user and CliMain.connect() "if
((sessionState.username != null) && (sessionState.password != null))" condition
will always be true.
This breaks authentication in at least two scenarios:
1. Authenticator allows anonymous access and a user wants to login anonymously
- instead he will get AuthenticationException because user "default" will most
likely not exist.
2. Authenticator doesn't user username/password pairs for login but something
like Kerberos instead. Thrift's login with u:default, p:"" will still be called
and AuthenticationException will be thrown, again.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
