Yes, sound reasonable to add "authenticate" command and require token for
all subsequent commands.
Will update issue description.
On Tue, Apr 10, 2018 at 2:43 PM, Dmitriy Setrakyan <dsetrak...@apache.org>
> On Tue, Apr 10, 2018 at 12:28 AM, Alexey Kuznetsov <akuznet...@apache.org>
> > Dmitriy,
> > Yes, because we have a command "Add new user" and this command can be
> > executed only with credentials of some "admin" user.
> > It means, that in one command you need to specify name of new user and
> > "admin" credentials at the same time.?
> > If you have any ideas how we can handle this - I will be glad to discuss
> > it.
> I am not sure if I agree with the approach you have suggested. In my view,
> we should have "authenticate" command, which should ask for the username
> and password. Once the user is authenticated and logged in, you should use
> the session token to perform all other commands. We should NOT be
> authenticating users on every command.
> If you follow this approach, then the command for adding a new user should
> require any authentication.
> Makes sense?