[jira] [Commented] (CASSANDRA-16456) Add Plugin Support for CQLSH

[Bowen Song (Jira)]

    [ 
https://issues.apache.org/jira/browse/CASSANDRA-16456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17520741#comment-17520741
 ] 

Bowen Song commented on CASSANDRA-16456:
----------------------------------------

Stefan is right. CQLSH should use the credentials in the specific order, and 
only fail if none of them is provided. The longer term plan is to stop reading 
credentials from the cqlshrc file, and use only the command line options, 
credentials file and interactive prompt where applicable.

 

I would strongly recommend add any new authentication information, such as 
username, password and API keys, to the credentials file, and keep them in a 
section named after the auth provider. In the cqlshrc file, the user can 
specify which auth provider they want to use, and CQLSH should read the 
credentials file to find out the authentication information for the specific 
auth provider.

 

The rational for separating configurations (cqlshrc) and credentials into two 
separate files is because the configurations aren't sensitive, but credentials 
are. The configurations can be shared between multiple users sharing the same 
host. The credentials are sensitive and every user on the system should have 
their own credentials file that only themselves can read. 

> Add Plugin Support for CQLSH
> ----------------------------
>
>                 Key: CASSANDRA-16456
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16456
>             Project: Cassandra
>          Issue Type: New Feature
>          Components: Tool/cqlsh
>            Reporter: Brian Houser
>            Assignee: Brian Houser
>            Priority: Normal
>              Labels: gsoc2021, mentor
>          Time Spent: 2h
>  Remaining Estimate: 0h
>
> Currently the Cassandra drivers offer a plugin authenticator architecture for 
> the support of different authentication methods. This has been leveraged to 
> provide support for LDAP, Kerberos, and Sigv4 authentication. Unfortunately, 
> cqlsh, the included CLI tool, does not offer such support. Switching to a new 
> enhanced authentication scheme thus means being cut off from using cqlsh in 
> normal operation.
> We should have a means of using the same plugins and authentication providers 
> as the Python Cassandra driver.
> Here's a link to an initial draft of 
> [CEP|https://docs.google.com/document/d/1_G-OZCAEmDyuQuAN2wQUYUtZBEJpMkHWnkYELLhqvKc/edit?usp=sharing].



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org