For an example of a delegating authenticator, check out:
https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/auth/MutualTlsWithPasswordFallbackAuthenticator.java
I think you can implement this as a single authenticator that has separate
configuration of the supported mechanisms. So the single authenticator
maintained is the “negotiating authenticator” which can proxy off to which ever
other mechanisms you want.
> On Dec 3, 2024, at 6:37 PM, Joel Shepher
I'm interested, at least in a more narrowly-scoped subset of CEP-31:
authentication negotiation only, configured via YAML (not dynamically),
with CQL integration, proxy authorization, multiple role managers and
new authn mechanisms out of scope.
I've started working through Derek's proposal in
