[
https://issues.apache.org/jira/browse/GEODE-9546?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17414590#comment-17414590
]
ASF subversion and git services commented on GEODE-9546:
--------------------------------------------------------
Commit 5f612e99c162869f1af51bbcf9d916051f228e77 in geode's branch
refs/heads/develop from Jens Deppe
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=5f612e9 ]
GEODE-9546: Integrate Security Manager into Radish AUTH flow (#6844)
- Native tests, using Redis 6.2.4, all pass
- GemFire property compatible-with-redis-password removed
- GemFire property compatible-with-redis-username added
- Deviate from Redis in that AUTH requests without a SecurityManager
configured will always fail.
- Return a custom error message for the above case.
> Enable Redis Server to Authenticate Using SecurityManager
> ---------------------------------------------------------
>
> Key: GEODE-9546
> URL: https://issues.apache.org/jira/browse/GEODE-9546
> Project: Geode
> Issue Type: New Feature
> Components: redis
> Reporter: Wayne
> Priority: Major
> Labels: pull-request-available, redis
>
> The Redis [AUTH|https://redis.io/commands/auth] command must be integrated
> with the Geode SecurityManager.
> # Remove the Geode property compatible-with-redis-password that currently
> being used for the Redis password.
> # Add a new geode property for the Redis default user ID,
> compatible-with-redis-username
> # When a user issues an AUTH Command, the server must call the authenticate
> method on the customer's SecurityManager with the user (security-username
> property) and the user provided password (security-password property) and
> properly handle the AuthenticationFailedException. If the AUTH command was
> called without a user the value of compatible-with-redis-user should be used**
> # The Object/Principal returned from a successful authenticate method call
> must be cached, associated with the client connection, and available for
> reuse in subsequent authorization calls.
> **When the AUTH command has a single argument (e.g. AUTH xxxxxx) the single
> argument is interpreted as a password/token and the default Redis user is
> used for authentication. When the AUTH command has two arguments (e.g. AUTH
> xxxxxx yyyyyy) the first argument is interpreted as a username and is used
> instead of the default Redis user. The second argument is interpreted as a
> password.
> +Acceptance Criteria+
>
> When a SecurityManager is configured, Redis clients that don't AUTH with a
> valid password cannot perform operations. Redis clients that do AUTH with a
> valid password can perform Redis operations. Until we support ACLS, use of
> the AUTH command with more than two arguments is invalid syntax.
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
