[ https://issues.apache.org/jira/browse/CASSANDRA-18554?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dinesh Joshi updated CASSANDRA-18554: ------------------------------------- Reviewers: Dinesh Joshi, Jon Meredith, Yifan Cai (was: Blake Eggleston, Dinesh Joshi, Jon Meredith, Yifan Cai) Status: Review In Progress (was: Patch Available) > mTLS based client and internode authenticators > ---------------------------------------------- > > Key: CASSANDRA-18554 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18554 > Project: Cassandra > Issue Type: New Feature > Components: Feature/Authorization > Reporter: Jyothsna Konisa > Assignee: Jyothsna Konisa > Priority: Normal > Time Spent: 10m > Remaining Estimate: 0h > > Cassandra currently doesn't have any certificate based authenticator for both > client connections and internode connections. If one wants to use certificate > based authentication protocol like TLS, in which clients send their > certificates for the TLS handshake, we can leverage the information from the > client certificate to identify a client. Using this authentication mechanism > one can avoid the pain of password generations, sharing and rotation. > Introducing following certificate based mTLS authenticators for internode and > client connections > MutualTlsAuthenticator (client authentication) > MutualTlsInternodeAuthenticator (internode authentication) > MutualTlsWithPasswordFallbackAuthenticator (for optional mode operation for > client authentication) > An implementation of MutualTlsCertificateValidator called > SpiffeCertificateValidator whose identity is SPIFFE that is embedded in SAN > of the client certificate. One can implement their own CertificateValidator > to match their needs and configure it in Cassandra.yaml -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org