[ https://issues.apache.org/jira/browse/CASSANDRA-7715?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15141124#comment-15141124 ]

Sam Tunnicliffe commented on CASSANDRA-7715:
--------------------------------------------

bq. I'm not sure about being able to modify cache settings via JMX. This seems 
like an attack vector to me. 
So as not to change existing behaviour, configuration via JMX is enabled by 
default but I've added the option to disable it (for all auth caches) via the 
{{cassandra.disable_auth_caches_remote_configuration}} system property.
bq. I think that the cache should be cleared for a user if the 
authentication fails.
As this is more of a requirement for CASSANDRA-11022, I'd rather defer it until 
we come to that. It won't really buy us much yet given we'll still be doing the 
BCrypt checking on every attempt.
bq. Could we have a method to invalidate the cache for a specific user?
Done
bq. In cassandra.yaml the credentials_update_interval_in_ms value (although 
commented out) ought to be the same value as credentials_validity_in_ms.
This is cosmetic, but I've changed it for consistency (also the equivalents for 
permissions and roles caches). 
bq. It would be nice if MBEAN_NAME_BASE was (somehow) overridable by concrete 
implementations. 
Done

I've also rebased and kicked off another CI run.


> Add a credentials cache to the PasswordAuthenticator
> ----------------------------------------------------
>
>                 Key: CASSANDRA-7715
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-7715
>             Project: Cassandra
>          Issue Type: New Feature
>          Components: CQL
>            Reporter: Mike Adamson
>            Assignee: Sam Tunnicliffe
>            Priority: Minor
>             Fix For: 3.x
>
>
> If the PasswordAuthenticator cached credentials for a short time it would 
> reduce the overhead of user journeys when they need to do multiple 
> authentications in quick succession.
> This cache should work in the same way as the cache in CassandraAuthorizer in 
> that if its TTL is set to 0 the cache will be disabled.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)