Differences between revisions 3 and 4
Revision 3 as of 2010-10-18 20:12:45
Size: 1116
Editor: StuHood
Comment:
Revision 4 as of 2013-09-06 02:44:51
Size: 183
Comment:
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
== Cassandra's Extensible Authentication/Authorization ==

Cassandra uses an extensible authentication/authorization mechanism found in the org.apache.cassandra.auth Java source package. It is configured in conf/storage-conf.xml (0.6.x) and conf/cassandra.yaml (0.7+). 0.6 uses the `IAuthenticator` interface to provide both authentication and authorization, but 0.7 splits the interface into `IAuthenticator` to provide authentication, and `IAuthority` to provide authorization.

There are two complementary implementations of these interfaces built-in:

 * The default `AllowAllAuthenticator` (and `AllowAllAuthority` in 0.7) approach is essentially pass-through.
 * `SimpleAuthenticator` (and `SimpleAuthority` in 0.7) is property file based (using passwd.properties and access.properties). For more information on this approach, see the source in org.apache.cassandra.auth. In 0.7, the format of the access.properties configuration is slightly different.

Both of the built-in options implement `IAuthenticator` (and `IAuthority` in 0.7). Those wanting custom auth implementations can start there.
TODO: update this in light of http://www.planetcassandra.org/blog/post/a-quick-tour-of-internal-authentication-and-authorization-security-in-datastax-enterprise-and-apache-cassandra

ExtensibleAuth (last edited 2013-11-14 18:08:24 by GehrigKunz)