This is an area of interest for me personally and is an important feature. Not sure if the original author is going to see it through since we've not had any discussion on it for a while.
Is anybody interested in picking this up? Dinesh On Thu, Sep 19, 2024 at 10:54 AM Patrick McFadin <pmcfa...@gmail.com> wrote: > Hi Jacek, > > I was doing some housekeeping on CEPs and noticed this stalled. Is this > still a CEP you are advocating for? > > Anyone else that knows the status, feel free to add in. > > Patrick > > On Wed, May 31, 2023 at 8:26 AM Derek Chen-Becker <de...@chen-becker.org> > wrote: > >> Hi Jacek, >> >> I took a quick look through the CEP and I think I understand the >> implementation you're donating. I don't think that the approach you're >> taking and the approach I proposed are contradictory, but I want to make >> sure I'm understanding some aspects of the CEP: >> >> 1. Is there any mechanism for discovery so that the client knows which >> authenticators are supported? The main use case I see here is that since >> the client drives selection of the authenticator, the client probably wants >> to utilize the strongest mutually supported mechanism >> 2. Can you specify the client/server exchange in a state diagram or more >> clearly detail which messages are involved? The CEP states that "The driver >> sends an additional preamble along with the initial SASL authentication >> message". Is the "initial SASL auth message" the AUTH_RESPONSE? Are you >> basically saying that the server sends the AUTHENTICATE message with a >> class name, so does the client basically respond with "No, here's the >> authenticator I want to use" in the preamble? >> 3. Does the donated code for the server already handle hot >> reconfiguration of authenticators? The CEP states "We want to make it >> possible to add, ..." so I wasn't sure if that was future work or not >> >> I think I need to re-read and digest, but on first run-through this looks >> really interesting! >> >> Cheers, >> >> Derek >> >> On Fri, May 26, 2023 at 8:09 AM Jacek Lewandowski < >> lewandowski.ja...@gmail.com> wrote: >> >>> Hi, >>> >>> I'd like to start a discussion on negotiated authentication and >>> improvements to authentication, authorization, and role management in >>> general. A draft of proposed changes is included in CEP-31. >>> >>> >>> https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-31+%28DRAFT%29+Negotiated+authentication+and+authorization >>> >>> thanks, >>> - - -- --- ----- -------- ------------- >>> Jacek Lewandowski >>> >> >> >> -- >> +---------------------------------------------------------------+ >> | Derek Chen-Becker | >> | GPG Key available at https://keybase.io/dchenbecker and | >> | https://pgp.mit.edu/pks/lookup?search=derek%40chen-becker.org | >> | Fngrprnt: EB8A 6480 F0A3 C8EB C1E7 7F42 AFC5 AFEE 96E4 6ACC | >> +---------------------------------------------------------------+ >> >>
