On Tue, Apr 10, 2018 at 12:28 AM, Alexey Kuznetsov <akuznet...@apache.org> wrote:
> Dmitriy, > > Yes, because we have a command "Add new user" and this command can be > executed only with credentials of some "admin" user. > > It means, that in one command you need to specify name of new user and > "admin" credentials at the same time.? > If you have any ideas how we can handle this - I will be glad to discuss > it. > I am not sure if I agree with the approach you have suggested. In my view, we should have "authenticate" command, which should ask for the username and password. Once the user is authenticated and logged in, you should use the session token to perform all other commands. We should NOT be authenticating users on every command. If you follow this approach, then the command for adding a new user should require any authentication. Makes sense? D.
