[ https://issues.apache.org/jira/browse/GEODE-9546?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Wayne updated GEODE-9546:
-------------------------
    Description:
The Redis [AUTH|https://redis.io/commands/auth] command must be integrated with the Geode SecurityManager.
# Remove the Geode property _compatible-with-redis-password_, that is currently being used for the Redis password.
# Add a new geode property for the Redis default user ID, _compatible-with-redis-user_
# When a user issues an AUTH Command, the server must call the authenticate method on the customer's SecurityManager with the Redis user (security-username property) and the user provided password (security-password property) and properly handle the AuthenticationFailedException.**
# The Object/Principal returned from a successful authenticate method call must be cached, associated with the client connection, and available for reuse in subsequent authorization calls.
** When the AUTH command is provided with a single argument, e.g. _AUTH xxxxxx_, the +xxxxxx+ is interpreted as a password and the default Redis user is used for authentication. When the command is provided with two arguments, e.g. AUTH xxxxxx yyyyyy, xxxxxx is interpreted as a user name and yyyyyy is interpreted as the password.

+Acceptance Criteria+
When a security manager is configured, Redis clients that don't AUTH with a valid password cannot perform operations. Redis clients that do AUTH with a valid password can perform Redis operations. Until we support ACLs, issuing the AUTH command with more than two arguments is invalid.
Appropriate tests written to ensure correct behavior and avoid regressions.

  was:
The Redis [AUTH|https://redis.io/commands/auth] command must be integrated with the Geode SecurityManager.
# Remove the Geode property compatible-with-redis-password that currently being used for the Redis password.
# Add a new geode property for the Redis default user ID, compatible-with-redis-user
# When a user issues an AUTH Command, the server must call the authenticate method on the customer's SecurityManager with the user (security-username property) and the user provided password (security-password property) and properly handle the AuthenticationFailedException. If the AUTH command was called without a user the value of compatible-with-redis-user should be used.
# The Object/Principal returned from a successful authenticate method call must be cached, associated with the client connection, and available for reuse in subsequent authorization calls.

+Acceptance Criteria+
When a security manager is configured, redis clients that don't AUTH with a valid password cannot perform operations. Redis clients that do AUTH with a valid password can perform redis operations.

> Enable Redis Server to Authenticate Using SecurityManager
> ---------------------------------------------------------
>
> Key: GEODE-9546
> URL: https://issues.apache.org/jira/browse/GEODE-9546
> Project: Geode
> Issue Type: New Feature
> Reporter: Wayne
> Priority: Major
>
> The Redis [AUTH|https://redis.io/commands/auth] command must be integrated
> with the Geode SecurityManager.
> # Remove the Geode property _compatible-with-redis-password_, that is
> currently being used for the Redis password.
> # Add a new geode property for the Redis default user ID,
> _compatible-with-redis-user_
> # When a user issues an AUTH Command, the server must call the authenticate
> method on the customer's SecurityManager with the Redis user
> (security-username property) and the user provided password
> (security-password property) and properly handle the
> AuthenticationFailedException.**
> # The Object/Principal returned from a successful authenticate method call
> must be cached, associated with the client connection, and available for
> reuse in subsequent authorization calls.
> ** When the AUTH command is provided with a single argument, e.g. _AUTH
> xxxxxx_, the +xxxxxx+ is interpreted as a password and the default Redis user
> is used for authentication. When the command is provided with two arguments,
> e.g. AUTH xxxxxx yyyyyy, xxxxxx is interpreted as a user name and yyyyyy is
> interpreted as the password.
> +Acceptance Criteria+
> When a security manager is configured, Redis clients that don't AUTH with a
> valid password cannot perform operations. Redis clients that do AUTH with a
> valid password can perform Redis operations. Until we support ACLs, issuing
> the AUTH command with more than two arguments is invalid.
> Appropriate tests written to ensure correct behavior and avoid regressions.
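
The AUTH handling this ticket describes, as an added Java sketch that is not Geode source code or part of the original message. `SecurityManager` and `AuthenticationFailedException` here are minimal stand-ins for the Geode types named in the ticket; `Connection`, `mayExecute`, the `default` user name, the demo password and the Redis-style reply strings are assumptions.

```java
import java.util.List;
import java.util.Properties;

public class RedisAuthSketch {
  // Stand-ins for the Geode types named in the ticket, so this file compiles alone.
  interface SecurityManager {
    Object authenticate(Properties credentials);
  }
  static class AuthenticationFailedException extends RuntimeException {
    AuthenticationFailedException(String m) { super(m); }
  }
  // Hypothetical per-connection state holding the cached principal.
  static class Connection { Object principal; }
  final SecurityManager manager;
  final String defaultUser; // value of compatible-with-redis-user
  RedisAuthSketch(SecurityManager m, String u) { manager = m; defaultUser = u; }

  // args excludes the command name: [password] or [user, password].
  String auth(Connection conn, List<String> args) {
    if (args.isEmpty() || args.size() > 2) { // no ACL support yet: reject 3+ arguments
      return "-ERR wrong number of arguments for 'auth' command"; // assumed reply text
    }
    Properties creds = new Properties();
    creds.setProperty("security-username", args.size() == 2 ? args.get(0) : defaultUser);
    creds.setProperty("security-password", args.get(args.size() - 1));
    try {
      conn.principal = manager.authenticate(creds); // cached for later authorization calls
      return "+OK";
    } catch (AuthenticationFailedException e) {
      return "-WRONGPASS invalid username-password pair"; // assumed reply text
    }
  }

  // Gate applied to every other command when a SecurityManager is configured.
  boolean mayExecute(Connection conn) { return conn.principal != null; }

  public static void main(String[] a) {
    SecurityManager demo = c -> { // constructed manager accepting one demo password
      if ("s3cret".equals(c.getProperty("security-password")))
        return c.getProperty("security-username");
      throw new AuthenticationFailedException("bad credentials");
    };
    RedisAuthSketch s = new RedisAuthSketch(demo, "default");
    Connection conn = new Connection();
    System.out.println(s.auth(conn, List.of("wrong")) + " mayExecute=" + s.mayExecute(conn));
    System.out.println(s.auth(conn, List.of("s3cret")) + " principal=" + conn.principal);
    System.out.println(s.auth(conn, List.of("a", "b", "c")));
  }
}
```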