Hi - I've been doing some exploration in Cassandra's client
authentication workflow and got tripped up by surprising (to me)
behavior regarding role name case sensitivity.
I made an implementation of IAuthenticator and SaslNegotiator. After
evaluateResponse(), when the client responds successf
hanism for existing clients that don’t try to negotiate. Which means it can
be seamlessly enabled.
-Jeremiah
On Dec 4, 2024, at 5:27 PM, Joel Shepherd wrote:
A negotiating authenticator is appealing, but I'm concerned that it doesn't have a good migration
story. If a client has
as a single authenticator that has separate
configuration of the supported mechanisms. So the single authenticator
maintained is the “negotiating authenticator” which can proxy off to which ever
other mechanisms you want.
On Dec 3, 2024, at 6:37 PM, Joel Shepherd wrote:
I'm interested,
WITH INDEX (or something equivalent) seems really useful.
Less opinionated on the specific syntax, but I think there is a lot of
value in the form of predictable, controllable performance, in giving
developers more direct control over query execution, whether that's
index selection or even low
I'm interested, at least in a more narrowly-scoped subset of CEP-31:
authentication negotiation only, configured via YAML (not dynamically),
with CQL integration, proxy authorization, multiple role managers and
new authn mechanisms out of scope.
I've started working through Derek's proposal in
FWIW, my personal experience is that mixing automated notifications
(beyond a very low volume) with human communications adds a bunch of
noise to the human conversations and increases the risk of an
interesting automated notification being missed (scrolling past them to
get to the meatier human
On 4/8/2025 11:31 PM, Mick Semb Wever wrote:
On Tue, 8 Apr 2025 at 23:59, Joel Shepherd wrote:
I'm curious what the argument for pumping ticket notifications
into #cassandra-dev, etc., is, versus pumping them into a
dedicated channel.
Hi Joel,
for myself, and I'm guess
Congratulations, David. :-)
On 4/28/2025 12:09 PM, Jon Haddad wrote:
Hey everyone!
The Project Management Committee (PMC) for Apache Cassandra is
delighted to announce that David Capwell has joined the PMC!
Thank you David for all your contributions to the project over the years.
The PMC -
Related JIRA: https://issues.apache.org/jira/browse/CASSANDRA-20416
Includes links to the draft code and more complete documentation of the
proposed approach.
Thanks -- Joel.
On 3/4/2025 12:48 PM, Joel Shepherd wrote:
Hi - I have a side project that provides client- and node-side Java
plug
Hi - I have a side project that provides client- and node-side Java
plug-ins to enable client-to-node authentication based on AWS
identities. This would, for example, enable clients to use EC2 instance
roles to authenticate to Cassandra nodes, or use ordinary IAM
keys/secret keys. The client ne
On 3/6/2025 7:16 AM, Jon Haddad wrote:
Assuming everything else is identical, might not matter for S3.
However, not every object store has a filesystem mount.
Regarding sprawling dependencies, we can always make the provider
specific libraries available as a separate download and put them on
is moved to object store at
some point, and pulled to the local disk on demand.
I am *firmly* of the position that this CEP should not exclude the
local storage as cache option, and should be accounted for in the design.
Jon
[1] https://issues.apache.org/jira/browse/CASSANDRA-19663
O
vote thread [3].
Cheers,
– Scott
[1] http://issues.apache.org/jira/browse/CASSANDRA
[2] http://issues.apache.org/jira/browse/CASSJAVA
[3]
https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=95652201
On Mar 4, 2025, at 12:48 PM, Joel Shepherd wrote:
Hi - I have a side pro
FWIW, to my naive mind it makes sense to follow a process like: 1)
Propose, 2) Discuss, 3) Vote (if discussion closes out w/o controversy
4) Adopt (if vote passes), 5) Cut the top-level JIRA. Creating the JIRA
is the call to action for performing the work (at some point): it
probably makes sens
27;t outright prevent it however.) I believe this is still
SASL-compliant because SASL doesn't mandate a particular exchange, but
did want to call it out. I'll fold this into the CEP as well.
Thanks! -- Joel.
Overall - looks great. Again: +1 from me.
On Tue, Jul 8, 202
uth/CassandraRoleManager.java#L167-L172),
it should work fine. Not that that helps _you_ solve your problem, but
at least the existing classes should work.
Thanks for putting the CEP together and working on the implementation!
Doug
On Jul 3, 2025, at 2:38 PM, Joel Shepherd wrote:
Th
language drivers to support new functionality.
On Wed, Jul 9, 2025, at 8:18 PM, Joel Shepherd wrote:
Hi Josh - Thanks for all the feedback: appreciate it. Responses to
specific points interwoven below ...
On 7/9/2025 3:25 AM, Josh McKenzie wrote:
Sorry for the delay in getting to this Joel. This
On 7/8/2025 8:22 AM, Abe Ratnofsky wrote:
+1 (nb) from me as well. Would be nice to have a reference implementation of
negotiated authentication in the Java driver; I’d happy to collaborate on that.
I'd love some help with the driver[s]. I plan to do at least "an"
implementation in the Java
orted/should be used is pretty clever as it
shouldn't require a protocol version uprev, and hopefully wouldn't be
too complicated for a driver to implement.
Thanks,
Andy
On Mon, Jun 30, 2025 at 11:44 AM Joel Shepherd
wrote:
Erm ... and here's the CEP:
https://
Erm ... and here's the CEP:
https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-50%3A+Authentication+Negotiation
(Thanks for the heads up, Abe ...)
-- Joel.
On 6/30/2025 9:37 AM, Joel Shepherd wrote:
Hello - We would like to propose CEP-50: Authentication Negotiation
for adopti
Hello - We would like to propose CEP-50: Authentication Negotiation for
adoption by the community: .
This CEP proposes minor changes to the initial handshake protocol
(OPTIONS, SUPPORTED and STARTUP messages) to enable a client to inform
the node of the authenticators supported by the client,
Hi All - Would some kind person grant me write permissions to the CEP
section in Confluence (so I can submit a CEP)? Or point out the obvious
thing that I'm probably missing ... :-)
My user id is 'jshepherd'.
Thanks! -- Joel.
Awesome: thanks so much -- Joel.
On 6/26/2025 3:49 PM, Dinesh Joshi wrote:
done. Ping me if you have any issues.
On Thu, Jun 26, 2025 at 3:38 PM Joel Shepherd wrote:
Hi All - Would some kind person grant me write permissions to the CEP
section in Confluence (so I can submit a CEP
Ah, thanks: all kinds of good stuff in there.
-- Joel.
On 7/22/2025 1:45 PM, Mick Semb Wever wrote:
try
.build/run-tests.sh -a test -t org.apache.cassandra.hints
https://github.com/apache/cassandra/blob/cassandra-5.0/.build/README.md
On Tue, 22 Jul 2025 at 21:06, Joel Shepherd wrote
e get a little more familiar with what's in that directory and pull
up the juiciest-looking examples into the testing doc.
Thanks -- Joel.
On Tue, Jul 22, 2025, at 8:04 PM, Joel Shepherd wrote:
Ah, thanks: all kinds of good stuff in there.
-- Joel.
On 7/22/2025 1:45 PM, Mick Semb W
Hi dev@ - I'd like to request voting for adoption of CEP-50:
Authentication Negotiation.
Proposal:
https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-50%3A+Authentication+Negotiation
Discussion: https://lists.apache.org/thread/cdx4fttq72j4dz7cyhxp14pt7k6rd6bc
Feedback has been incorpor
Hi - I know it's possible to run just the unit tests in a single test
class, or a specific test in a specific class. I'd like to be able to
run all tests in a single Java package (e.g., all unit tests for
org.apache.cassandra.auth). I see that I can list the classes
individually in a text file
s for your
support of this proposal!
-- Joel.
On 7/21/2025 8:51 AM, Joel Shepherd wrote:
Hi dev@ - I'd like to request voting for adoption of CEP-50:
Authentication Negotiation.
Proposal:
https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-50%3A+Authentication+Negotiation
Dis
I like the aim of the CEP. Completely onboard with the idea that GenAI
tooling works better when you can provide it useful context about the
data it is working with. An organization I worked with in the past had a
lot of good results with marking up API models (not DB schemas, but
similar idea)
29 matches
Mail list logo
