[ https://issues.apache.org/jira/browse/CASSANDRA-18857?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17812450#comment-17812450 ]
Dinesh Joshi commented on CASSANDRA-18857:
------------------------------------------

+1, thanks for the patch!

> Allow CQL client certificate authentication to work without sending an AUTHENTICATE request
> -------------------------------------------------------------------------------------------
>
>                 Key: CASSANDRA-18857
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-18857
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Feature/Encryption
>            Reporter: Andy Tolbert
>            Assignee: Andy Tolbert
>            Priority: Normal
>         Attachments: ci_summary.html, result_details.tar.gz
>
>          Time Spent: 4h 40m
>  Remaining Estimate: 0h
>
> Currently when using {{MutualTlsAuthenticator}} or
> {{MutualTlsWithPasswordFallbackAuthenticator}} a client is prompted with an
> {{AUTHENTICATE}} message to which they must respond with an {{AUTH_RESPONSE}}
> (e.g. a user name and password). This shouldn't be needed as the role can be
> identified using only the certificate.
>
> To address this, we could add the capability to authenticate early in
> processing of a {{STARTUP}} message if we can determine that both the
> configured authenticator supports certificate authentication and a client
> certificate was provided. If the certificate can be authenticated, a
> {{READY}} response is returned, otherwise an {{ERROR}} is returned.
>
> This change can be done in a fully backwards compatible way and requires
> no protocol or driver changes; I will supply a patch shortly!
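
The STARTUP handling proposed in the issue description, modelled as an added example (not part of the original message and not the Cassandra patch). It builds native protocol v4 frames and shows which reply a server would send with and without the early certificate check. The function names, the `early_auth` switch, and the identity-to-role table are assumptions made for illustration.

```python
import struct

# CQL native protocol opcodes (subset) and the authentication error code
ERROR, STARTUP, READY, AUTHENTICATE = 0x00, 0x01, 0x02, 0x03
AUTH_ERROR = 0x0100

def frame(opcode, body=b"", stream=0, response=True):
    """Build a v4 frame: version, flags, stream id, opcode, body length, body."""
    version = 0x84 if response else 0x04
    return struct.pack(">BBhBi", version, 0, stream, opcode, len(body)) + body

def cql_string(s):
    raw = s.encode()
    return struct.pack(">H", len(raw)) + raw

def startup_frame(stream=1):
    # STARTUP body is a string map; CQL_VERSION is the one mandatory entry
    body = struct.pack(">H", 1) + cql_string("CQL_VERSION") + cql_string("3.0.0")
    return frame(STARTUP, body, stream, response=False)

# Constructed sample data: certificate identity -> role (hypothetical mapping)
ROLES_BY_IDENTITY = {"CN=app.example.test": "app_role"}

def handle_startup(request, cert_auth_supported, peer_identity, early_auth=True):
    """Model of the server's reply to STARTUP; returns (response frame, role)."""
    _version, _flags, stream, opcode, _length = struct.unpack(">BBhBi", request[:9])
    if opcode != STARTUP:
        raise ValueError("expected STARTUP")
    # Early path: authenticator supports certificates AND the client sent one
    if early_auth and cert_auth_supported and peer_identity is not None:
        role = ROLES_BY_IDENTITY.get(peer_identity)
        if role is None:
            body = struct.pack(">i", AUTH_ERROR) + cql_string("certificate rejected")
            return frame(ERROR, body, stream), None
        return frame(READY, b"", stream), role
    # Existing path: challenge the client, which must answer with AUTH_RESPONSE.
    # The body carries the authenticator class name (abbreviated here).
    return frame(AUTHENTICATE, cql_string("MutualTlsAuthenticator"), stream), None

def opcode_of(response):
    return response[4]
```

A client that already handles `AUTHENTICATE` after `STARTUP` also handles `READY` or `ERROR` there, which is why the model needs no new opcode or frame field.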