Hi Jacek,

I took a quick look through the CEP and I think I understand the
implementation you're donating. I don't think that the approach you're
taking and the approach I proposed are contradictory, but I want to make
sure I'm understanding some aspects of the CEP:

1. Is there any mechanism for discovery so that the client knows which
authenticators are supported? The main use case I see here is that since
the client drives selection of the authenticator, the client probably wants
to utilize the strongest mutually supported mechanism.
2. Can you specify the client/server exchange in a state diagram or more
clearly detail which messages are involved? The CEP states that "The driver
sends an additional preamble along with the initial SASL authentication
message". Is the "initial SASL auth message" the AUTH_RESPONSE? Are you
basically saying that the server sends the AUTHENTICATE message with a
class name, so does the client basically respond with "No, here's the
authenticator I want to use" in the preamble?
3. Does the donated code for the server already handle hot reconfiguration
of authenticators? The CEP states "We want to make it possible to add, ..."
so I wasn't sure if that was future work or not.

I think I need to re-read and digest, but on first run-through this looks
really interesting!

Cheers,

Derek

On Fri, May 26, 2023 at 8:09 AM Jacek Lewandowski <
lewandowski.ja...@gmail.com> wrote:

> Hi,
>
> I'd like to start a discussion on negotiated authentication and
> improvements to authentication, authorization, and role management in
> general. A draft of proposed changes is included in CEP-31.
>
>
> https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-31+%28DRAFT%29+Negotiated+authentication+and+authorization
>
> thanks,
> - - -- --- ----- -------- -------------
> Jacek Lewandowski
>


-- 
+---------------------------------------------------------------+
| Derek Chen-Becker                                             |
| GPG Key available at https://keybase.io/dchenbecker and       |
| https://pgp.mit.edu/pks/lookup?search=derek%40chen-becker.org |
| Fngrprnt: EB8A 6480 F0A3 C8EB C1E7  7F42 AFC5 AFEE 96E4 6ACC  |
+---------------------------------------------------------------+
