Re: Custom 1.2 Authentication plugin will not work unless user is in system_auth.users column family

2013-06-25 Thread Bao Le
Sorry for not following up on this one in time. I filed a JIRA (5651) and it 
seems user lookup is here to stay.

https://issues.apache.org/jira/browse/CASSANDRA-5651?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

On a related note, that column family is, by default, set up to have only keys 
cached. It might be a good idea to have its row cache turned on if row cache is 
enabled.


Bao


Re: Custom 1.2 Authentication plugin will not work unless user is in system_auth.users column family

2013-06-17 Thread Dave Brosius
It seems to me that isExistingUser should be pushed down to the 
IAuthenticator implementation.


Perhaps you should add a ticket to 
https://issues.apache.org/jira/browse/CASSANDRA


On 06/17/2013 05:12 PM, Bao Le wrote:

Hi,

  We have a custom authenticator that works well with Cassandra 1.1.5.
When upgrading to C* 1.2.5, authentication failed. It turns out that in 
ClientState.login, we make a call to Auth.isExistingUser(user.getName())
if the AuthenticatedUser is not the Anonymous user. This isExistingUser 
method does a query on system_auth.users and if it cannot find the 
name there, throws an exception.


  If our authentication model involves exchanging data on the fly and 
not relying on pre-created users, how do we bypass this check? Should we
add a method on IAuthenticator to specify whether user look-up is 
needed or not?


Bao

Custom 1.2 Authentication plugin will not work unless user is in system_auth.users column family

2013-06-17 Thread Bao Le
Hi,
 
  We have a custom authenticator that works well with Cassandra 1.1.5.
When upgrading to C* 1.2.5, authentication failed. It turns out that in 
ClientState.login, we make a call to Auth.isExistingUser(user.getName())
if the AuthenticatedUser is not the Anonymous user. This isExistingUser method does 
a query on system_auth.users and if it cannot find the name there, throws an 
exception.

  If our authentication model involves exchanging data on the fly and not 
relying on pre-created users, how do we bypass this check? Should we 
add a method on IAuthenticator to specify whether user look-up is needed or not?

Bao
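
The login behaviour discussed in this thread, as an added example that is not part of any message and is not Cassandra source code: a simplified Java model contrasting the unconditional users-table lookup with the check pushed down to the authenticator. `LoginLookupModel`, `Authenticator`, `OnTheFlyAuthenticator`, both `login...` methods and the proof format are hypothetical names and values chosen for illustration; the anonymous-user branch is left out.

```java
import java.util.HashSet;
import java.util.Set;

// Simplified model of the login flow described in the thread. Not Cassandra source.
public class LoginLookupModel {
    static class AuthenticationException extends Exception {
        AuthenticationException(String msg) { super(msg); }
    }

    // Constructed stand-in for the rows of system_auth.users (empty: no pre-created users).
    static final Set<String> USERS_TABLE = new HashSet<>();

    interface Authenticator {
        String authenticate(String name, String proof) throws AuthenticationException;
        // Hypothetical hook: existence check owned by the authenticator.
        // The default keeps the table lookup, so stock behaviour is unchanged.
        default boolean isExistingUser(String name) { return USERS_TABLE.contains(name); }
    }

    // Hypothetical plugin that validates a proof on the fly.
    static class OnTheFlyAuthenticator implements Authenticator {
        public String authenticate(String name, String proof) throws AuthenticationException {
            // Placeholder for the real verification the plugin would perform.
            if (!("proof-for-" + name).equals(proof))
                throw new AuthenticationException("bad credentials for " + name);
            return name;
        }
        // Opting out makes this plugin the only authority on who may log in.
        @Override public boolean isExistingUser(String name) { return true; }
    }

    // As described for 1.2.5: the table lookup always runs after authentication.
    static String loginWithTableLookup(Authenticator a, String name, String proof)
            throws AuthenticationException {
        String user = a.authenticate(name, proof);
        if (!USERS_TABLE.contains(user))
            throw new AuthenticationException(user + " is not in the users table");
        return user;
    }

    // Variant with the check delegated to the authenticator.
    static String loginWithDelegatedCheck(Authenticator a, String name, String proof)
            throws AuthenticationException {
        String user = a.authenticate(name, proof);
        if (!a.isExistingUser(user))
            throw new AuthenticationException(user + " rejected by authenticator");
        return user;
    }
}
```

In this model, valid credentials for `alice` are rejected by `loginWithTableLookup` because the table is empty, while `loginWithDelegatedCheck` accepts them; invalid credentials fail in both.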