Jyothsna Konisa created CASSANDRA-18554:
-------------------------------------------
Summary: mTLS based client and internode authenticators
Key: CASSANDRA-18554
URL: https://issues.apache.org/jira/browse/CASSANDRA-18554
Project: Cassandra
Issue Type: New Feature
Reporter: Jyothsna Konisa
Assignee: Jyothsna Konisa
Cassandra currently doesn't have any certificate-based authenticator for either client connections or internode connections. If one wants to use a certificate-based authentication protocol like TLS, in which clients send their certificates during the TLS handshake, we can leverage the information from the client certificate to identify a client. Using this authentication mechanism one can avoid the pain of password generation, sharing and rotation.

Introducing the following certificate-based mTLS authenticators for internode and client connections:

MutualTlsAuthenticator (client authentication)
MutualTlsInternodeAuthenticator (internode authentication)
MutualTlsWithPasswordFallbackAuthenticator (for optional-mode operation for client authentication)

An implementation of MutualTlsCertificateValidator called SpiffeCertificateValidator, whose identity is the SPIFFE ID embedded in the SAN of the client certificate. One can implement their own CertificateValidator to match their needs and configure it in cassandra.yaml.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
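As an added illustration of the SPIFFE-in-SAN idea described in the issue (this is not Cassandra's SpiffeCertificateValidator and does not use the project's MutualTlsCertificateValidator interface, whose signature is not shown here), a standalone Java class that derives a SPIFFE identity from the leaf certificate's URI SAN and accepts it only when its trust domain is on a configured allow-list; the class name, the `identity` method and the allow-list are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import java.util.Optional;
import java.util.Set;

// Hypothetical helper, not Cassandra's SpiffeCertificateValidator.
public final class SpiffeIdentityExtractor {
    // GeneralName tag for uniformResourceIdentifier as reported by getSubjectAlternativeNames()
    private static final int SAN_TYPE_URI = 6;
    // Assumed configuration: lowercase trust domains this cluster accepts, e.g. "example.org"
    private final Set<String> allowedTrustDomains;

    public SpiffeIdentityExtractor(Set<String> allowedTrustDomains) {
        this.allowedTrustDomains = Set.copyOf(allowedTrustDomains);
    }

    // Returns the peer's SPIFFE ID, or empty if the certificate carries none or an unacceptable
    // one. Chain validation against the truststore is assumed to have happened in the TLS
    // handshake already; this method only decides *who* the verified peer is.
    public Optional<String> identity(X509Certificate[] chain) throws CertificateParsingException {
        if (chain == null || chain.length == 0) return Optional.empty();
        Collection<List<?>> sans = chain[0].getSubjectAlternativeNames(); // chain[0] is the leaf
        if (sans == null) return Optional.empty();
        List<URI> spiffeIds = new ArrayList<>();
        for (List<?> san : sans) {
            if (!Integer.valueOf(SAN_TYPE_URI).equals(san.get(0))) continue;
            try {
                URI uri = new URI((String) san.get(1));
                if ("spiffe".equalsIgnoreCase(uri.getScheme())) spiffeIds.add(uri);
            } catch (URISyntaxException | ClassCastException ignored) {
                // malformed URI SAN: not a usable identity, keep scanning the others
            }
        }
        // An X.509 SVID carries exactly one SPIFFE ID; zero or several is ambiguous, so reject.
        if (spiffeIds.size() != 1) return Optional.empty();
        URI id = spiffeIds.get(0);
        String trustDomain = id.getHost(); // spiffe://<trust-domain>/<workload path>
        if (trustDomain == null || !allowedTrustDomains.contains(trustDomain.toLowerCase(Locale.ROOT))) {
            return Optional.empty();
        }
        return Optional.of(id.toString());
    }
}
```

The trust-domain check is the part a custom validator must not skip: a certificate that chains to the configured truststore but carries a SPIFFE ID from another trust domain should still be rejected.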