[ https://issues.apache.org/jira/browse/CASSANDRA-7715?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15141124#comment-15141124 ]
Sam Tunnicliffe commented on CASSANDRA-7715:
--------------------------------------------

bq. I'm not sure about being able to modify cache settings via JMX. This seems like an attack vector to me.

So as not to change existing behaviour, configuration via JMX is enabled by default but I've added the option to disable it (for all auth caches) via the {{cassandra.disable_auth_caches_remote_configuration}} system property.

bq. I think that the cache should be cleared for a user if the authentication fails.

As this is more of a requirement for CASSANDRA-11022, I'd rather defer it until we come to that. It won't really buy us much yet given we'll still be doing the BCrypt checking on every attempt.

bq. Could we have a method to invalidate the cache for a specific user?

Done

bq. In cassandra.yaml the credentials_update_interval_in_ms value (although commented out) ought to be the same value as credentials_validity_in_ms.

This is cosmetic, but I've changed it for consistency (also the equivalents for permissions and roles caches).

bq. It would be nice if MBEAN_NAME_BASE was (somehow) overridable by concrete implementations.

Done

I've also rebased and kicked off another CI run.

> Add a credentials cache to the PasswordAuthenticator
> ----------------------------------------------------
>
>                 Key: CASSANDRA-7715
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-7715
>             Project: Cassandra
>          Issue Type: New Feature
>          Components: CQL
>            Reporter: Mike Adamson
>            Assignee: Sam Tunnicliffe
>            Priority: Minor
>             Fix For: 3.x
>
>
> If the PasswordAuthenticator cached credentials for a short time it would
> reduce the overhead of user journeys when they need to do multiple
> authentications in quick succession.
> This cache should work in the same way as the cache in CassandraAuthorizer in
> that if its TTL is set to 0 the cache will be disabled.
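
The cache behaviour discussed in this ticket (a validity of 0 disables caching, one user's entry can be invalidated, and the password check still runs on every attempt) is sketched below as an added example; it is not part of the JIRA message and not Cassandra's code. The class name, method names, injected clock and sample hash strings are hypothetical, and it assumes the cached value is the stored salted hash (Java 16+).

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;
import java.util.function.LongSupplier;

// Illustrative sketch only: names here are hypothetical, not Cassandra's API.
public class CredentialsCacheSketch {
    private record Entry(String saltedHash, long loadedAtMs) {}

    private final ConcurrentHashMap<String, Entry> entries = new ConcurrentHashMap<>();
    private final Function<String, String> loader; // role -> stored salted hash (the table read)
    private final LongSupplier clock;              // injected so expiry can be exercised offline
    private final long validityMs;                 // 0 disables the cache, as the ticket requires

    public CredentialsCacheSketch(long validityMs, Function<String, String> loader, LongSupplier clock) {
        this.validityMs = validityMs;
        this.loader = loader;
        this.clock = clock;
    }

    // Returns the stored hash. The caller still verifies the supplied password
    // against it on every attempt; only the read of the stored hash is saved.
    public String get(String role) {
        if (validityMs <= 0)
            return loader.apply(role);             // cache disabled: always read through
        long now = clock.getAsLong();
        Entry e = entries.compute(role, (k, old) ->
            (old != null && now - old.loadedAtMs() < validityMs) ? old : new Entry(loader.apply(k), now));
        return e.saltedHash();
    }

    // Per-user invalidation: drops one entry so the next login re-reads the stored hash.
    public void invalidate(String role) { entries.remove(role); }

    public static void main(String[] args) {
        long[] now = {0};
        int[] reads = {0};                         // counts simulated table reads
        Function<String, String> table = role -> { reads[0]++; return "constructed-hash-for-" + role; };
        CredentialsCacheSketch cache = new CredentialsCacheSketch(2000, table, () -> now[0]);
        cache.get("alice"); cache.get("alice");    // second call is served from the cache
        System.out.println("reads after two logins: " + reads[0]);
        cache.invalidate("alice"); cache.get("alice");
        System.out.println("reads after invalidate: " + reads[0]);
        now[0] = 2000; cache.get("alice");         // entry is as old as the validity period: reloaded
        System.out.println("reads after expiry: " + reads[0]);
        CredentialsCacheSketch off = new CredentialsCacheSketch(0, table, () -> now[0]);
        off.get("alice"); off.get("alice");        // validity 0: every call reads through
        System.out.println("reads with validity 0: " + reads[0]);
    }
}
```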