[jira] [Closed] (GEODE-9546) Enable Redis Server to Authenticate Using SecurityManager

Wed, 22 Jun 2022 13:48:04 -0700 


     [ 
https://issues.apache.org/jira/browse/GEODE-9546?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Owen Nichols closed GEODE-9546.
-------------------------------

> Enable Redis Server to Authenticate Using SecurityManager
> ---------------------------------------------------------
>
>                 Key: GEODE-9546
>                 URL: https://issues.apache.org/jira/browse/GEODE-9546
>             Project: Geode
>          Issue Type: New Feature
>          Components: redis
>            Reporter: Wayne
>            Assignee: Jens Deppe
>            Priority: Major
>              Labels: pull-request-available, redis
>             Fix For: 1.15.0
>
>
> The Redis [AUTH|https://redis.io/commands/auth] command must be integrated 
> with the Geode SecurityManager.
>  # Remove the Geode property compatible-with-redis-password that currently 
> being used for the Redis password.
>  # Add a new geode property for the Redis default user ID, 
> compatible-with-redis-username
>  # When a user issues an AUTH Command, the server must call the authenticate 
> method on the customer's SecurityManager with the user (security-username 
> property) and the user provided password (security-password property) and 
> properly handle the AuthenticationFailedException. If the AUTH command was 
> called without a user the value of compatible-with-redis-user should be used**
>  #  The Object/Principal returned from a successful authenticate method call 
> must be cached, associated with the client connection, and available for 
> reuse in subsequent authorization calls.
> **When the AUTH command has a single argument (e.g. AUTH xxxxxx) the single 
> argument is interpreted as a password/token and the default Redis user is 
> used for authentication.  When the AUTH command has two arguments (e.g. AUTH 
> xxxxxx yyyyyy) the first argument is interpreted as a username and is used 
> instead of the default Redis user.  The second argument is interpreted as a 
> password.
>  +Acceptance Criteria+
>  
> When a SecurityManager is configured, Redis clients that don't AUTH with a 
> valid password cannot perform operations. Redis clients that do AUTH with a 
> valid password can perform Redis operations.  Until we support ACLS, use of 
> the AUTH command with more than two arguments is invalid syntax.
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

Reply via email to