[
https://issues.apache.org/jira/browse/CASSANDRA-16456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17526146#comment-17526146
]
Brian Houser commented on CASSANDRA-16456:
------------------------------------------
Ok... cool. I think we've finally cracked the desired behavior. I'm going to
go ahead and write it out the spec here. Implementing this should be quick.
* in the cqlshrc file you can list an Auth_provider section, and specify a
module and class name. if you do than we will dynamically load that class
using the remaining properties in the auth_provider section as well as the
properties found in credentials under that class name.
* If you don't provide an auth_provider module and class name, we will assume
you specified the PlainTextAuthProvider.
* You can provide a user name and a password on the command line. if you do,
these two properties will be passed to whatever auth provider is specified, and
will override any other username and password provided in the credentials or
other file
* you can provide a user name and password under the Authentication section.
If you do, those properties will be passed to whatever auth_provider specified
and will override any other specification of username and password in
credentials or cqlshrc file.
* Any properties in credentials file will override the properties in the
auth_provider section of the cqlshrc file.
* If you are using the PlainTextAuthProvider and only provide username, you
will be prompted for a password.
I'll implement the above and add tests for the behavior. Please let me know if
this spec isn't accurate.
> Add Plugin Support for CQLSH
> ----------------------------
>
> Key: CASSANDRA-16456
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16456
> Project: Cassandra
> Issue Type: New Feature
> Components: Tool/cqlsh
> Reporter: Brian Houser
> Assignee: Brian Houser
> Priority: Normal
> Labels: gsoc2021, mentor
> Time Spent: 2h 50m
> Remaining Estimate: 0h
>
> Currently the Cassandra drivers offer a plugin authenticator architecture for
> the support of different authentication methods. This has been leveraged to
> provide support for LDAP, Kerberos, and Sigv4 authentication. Unfortunately,
> cqlsh, the included CLI tool, does not offer such support. Switching to a new
> enhanced authentication scheme thus means being cut off from using cqlsh in
> normal operation.
> We should have a means of using the same plugins and authentication providers
> as the Python Cassandra driver.
> Here's a link to an initial draft of
> [CEP|https://docs.google.com/document/d/1_G-OZCAEmDyuQuAN2wQUYUtZBEJpMkHWnkYELLhqvKc/edit?usp=sharing].
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
