[jira] [Commented] (CASSANDRA-16456) Add Plugin Support for CQLSH

Fri, 01 Apr 2022 07:58:07 -0700 


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-16456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17515954#comment-17515954
 ] 

Stefan Miklosovic commented on CASSANDRA-16456:
-----------------------------------------------

The solution proved itself to be working well with the custom 3rd party server 
implementations. My integration with, for example, Instaclustr Kerberos 
autheticator plugin (1) works with the following configuration in cqlshrc:

{code}
[AuthProvider]
classname=SaslAuthProvider
module=cassandra.auth

[AuthProviderExtendedProperties]
service = cassandra
keytab=/etc/cassandra/cassandra.keytab
mechanism = GSSAPI
qop = auth
{code}

I am able to log in with a ticket granted without any password and it works as 
expected.

I will take the second look at this from the code point of view the next week. 
Maybe [~bsong] or [~maulin.vasavada] would join me in this effort?

I am still aiming to have this in 4.1, we have 1 month to deliver this as the 
freeze will occur at 1st May.

The part of this ticket should be also updated documentation how to use this 
and how it works. It should be, prefferably, the part of this PR.

(1) https://github.com/instaclustr/cassandra-kerberos

> Add Plugin Support for CQLSH
> ----------------------------
>
>                 Key: CASSANDRA-16456
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16456
>             Project: Cassandra
>          Issue Type: New Feature
>          Components: Tool/cqlsh
>            Reporter: Brian Houser
>            Assignee: Brian Houser
>            Priority: Normal
>              Labels: gsoc2021, mentor
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Currently the Cassandra drivers offer a plugin authenticator architecture for 
> the support of different authentication methods. This has been leveraged to 
> provide support for LDAP, Kerberos, and Sigv4 authentication. Unfortunately, 
> cqlsh, the included CLI tool, does not offer such support. Switching to a new 
> enhanced authentication scheme thus means being cut off from using cqlsh in 
> normal operation.
> We should have a means of using the same plugins and authentication providers 
> as the Python Cassandra driver.
> Here's a link to an initial draft of 
> [CEP|https://docs.google.com/document/d/1_G-OZCAEmDyuQuAN2wQUYUtZBEJpMkHWnkYELLhqvKc/edit?usp=sharing].



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

Reply via email to