Hi Jacek, I was doing some housekeeping on CEPs and noticed this stalled. Is this still a CEP you are advocating for?
Anyone else that knows the status, feel free to add in.

Patrick

On Wed, May 31, 2023 at 8:26 AM Derek Chen-Becker <de...@chen-becker.org> wrote:

> Hi Jacek,
>
> I took a quick look through the CEP and I think I understand the
> implementation you're donating. I don't think that the approach you're
> taking and the approach I proposed are contradictory, but I want to make
> sure I'm understanding some aspects of the CEP:
>
> 1. Is there any mechanism for discovery so that the client knows which
> authenticators are supported? The main use case I see here is that since
> the client drives selection of the authenticator, the client probably wants
> to utilize the strongest mutually supported mechanism
> 2. Can you specify the client/server exchange in a state diagram or more
> clearly detail which messages are involved? The CEP states that "The driver
> sends an additional preamble along with the initial SASL authentication
> message". Is the "initial SASL auth message" the AUTH_RESPONSE? Are you
> basically saying that the server sends the AUTHENTICATE message with a
> class name, so does the client basically respond with "No, here's the
> authenticator I want to use" in the preamble?
> 3. Does the donated code for the server already handle hot reconfiguration
> of authenticators? The CEP states "We want to make it possible to add, ..."
> so I wasn't sure if that was future work or not
>
> I think I need to re-read and digest, but on first run-through this looks
> really interesting!
>
> Cheers,
>
> Derek
>
> On Fri, May 26, 2023 at 8:09 AM Jacek Lewandowski <lewandowski.ja...@gmail.com> wrote:
>
>> Hi,
>>
>> I'd like to start a discussion on negotiated authentication and
>> improvements to authentication, authorization, and role management in
>> general. A draft of proposed changes is included in CEP-31.
>>
>> https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-31+%28DRAFT%29+Negotiated+authentication+and+authorization
>>
>> thanks,
>> - - -- --- ----- -------- -------------
>> Jacek Lewandowski
>
> --
> +---------------------------------------------------------------+
> | Derek Chen-Becker                                             |
> | GPG Key available at https://keybase.io/dchenbecker and       |
> | https://pgp.mit.edu/pks/lookup?search=derek%40chen-becker.org |
> | Fngrprnt: EB8A 6480 F0A3 C8EB C1E7 7F42 AFC5 AFEE 96E4 6ACC   |
> +---------------------------------------------------------------+