I've submitted a PR for the server-side implementation of authenticator negotiation:
    https://github.com/apache/cassandra/pull/4773

Happy for any feedback but there are a couple areas where I'm personally less confident:

* How to identify authenticators in the protocol. I'm torn between using the current approach of passing the full server-side authenticator class name to the client and expecting the client to understand it, or using the more abstract authentication mode identifiers.

* Handling anonymous (unauthenticated) clients. The upshot is that if you're allowing anonymous clients today (i.e., using AllowAll or similar authentication), and want to use authn negotiation to help upgrade to some form of actual authentication, you will need to first ensure your 'anonymous' role is explicitly granted necessary permissions. With no authentication, 'anonymous' acts essentially as super-user; with negotiation and any authenticator that requires authentication, 'anonymous' cannot escalate privileges to super-user.

* Testing: I tried to provide decent unit and dtest coverage but am happy for further suggestions.

I'm going to add an addendum to the CEP regarding a couple implementation details that diverged, and add operational notes as well.

Thanks -- Joel.

On 7/24/2025 10:55 AM, Joel Shepherd wrote:
Binding: 11 +1, no -1
Non-binding: 1 +1, no -1

I think the vote to adopt CEP-50 can be considered as passed. I'll update the CEP, move the related JIRA back to open state (if possible; if not I'll cut a new one) and move ahead on it.

In the spirit of minimizing surprise, I plan on approaching this in several phases/patches, along the lines of:

1) Refactoring existing code to move logic with hardcoded references to specific authenticators (e.g., PasswordAuthenticator) behind DatabaseDescriptor APIs.

2) Refactoring to associate ClientState with the specific authenticator used by the client.

3) Configuration support for negotiation and related logic changes in DatabaseDescriptor and AuthConfig.

4) Integration w/SUPPORTED and STARTUP messages and handlers, and Java driver reference implementation.

As always, guidance, suggestions and feedback welcome. Thanks for your support of this proposal!

-- Joel.


On 7/21/2025 8:51 AM, Joel Shepherd wrote:
Hi dev@ - I'd like to request voting for adoption of CEP-50: Authentication Negotiation.

Proposal: https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-50%3A+Authentication+Negotiation
Discussion: https://lists.apache.org/thread/cdx4fttq72j4dz7cyhxp14pt7k6rd6bc

Feedback has been incorporated in the proposal, or (I believe) closed out in the discussion thread.

The vote will be open for 72 hours. A vote passes if there are at least 3 binding +1s and no binding vetoes.

Thanks! -- Joel.
