You could use CassandraAuthorizer and PaaswordAuthenticator which ships with Cassandra. See this article[1] for a good overview.
[1] http://www.datastax.com/dev/blog/a-quick-tour-of-internal-authentication-and-authorization-security-in-datastax-enterprise-and-apache-cassandra On Thursday, December 12, 2013, onlinespending wrote: > OK, thanks for getting me going in the right direction. I imagine most > people would store password and tokenized authentication information in a > single table, using the username (e.g. email address) as the key? > > > On Dec 11, 2013, at 10:44 PM, Janne Jalkanen > <janne.jalka...@ecyrd.com<javascript:_e({}, 'cvml', > 'janne.jalka...@ecyrd.com');>> > wrote: > > > Hi! > > You're right, this isn't really Cassandra-specific. Most languages/web > frameworks have their own way of doing user authentication, and then you > just typically write a plugin that just stores whatever data the system > needs in Cassandra. > > For example, if you're using Java (or Scala or Groovy or anything else > JVM-based), Apache Shiro is a good way of doing user authentication and > authorization. http://shiro.apache.org/. Just implement a custom Realm > for Cassandra and you should be set. > > /Janne > > On Dec 12, 2013, at 05:31 , onlinespending > <onlinespend...@gmail.com<javascript:_e({}, 'cvml', > 'onlinespend...@gmail.com');>> > wrote: > > Hi, > > I’m using Cassandra in an environment where many users can login to use an > application I’m developing. I’m curious if anyone has any advice or links > to documentation / blogs where it discusses common implementations or best > practices for user and password authentication. My cursory search online > didn’t bring much up on the subject. I suppose the information needn’t even > be specific to Cassandra. > > I imagine a few basic steps will be as follows: > > > - user types in username (e.g. email address) and password > - this is verified against a table storing username and passwords > (encrypted in some way) > - a token is return to the app / web browser to allow further > transactions using secure token (e.g. cookie) > > > Obviously I’m only scratching the surface and it’s the detail and best > practices of implementing this user / password authentication that I’m > curious about. > > Thank you, > Ben > > > > > -- - John
