Provide AuthProvider that supports the DSE 5.0 DseAuthenticator

Description

DSE 5.0 will have a new authenticator called DseAuthenticator. This has the ability to support multiple authentication schemes (internal, ldap, kerberos).

Schemes can be selected by the driver by sending desired SASL mechanism as the initial SASL response. If the mechanism is supported then the authenticator will respond with a success response and the normal SASL exchange can continue. If the mechanism isn't supported then the authenticator will respond with an error.

Authentication Scheme

Mechanism

Challenge

Success Response

internal

PLAIN TEXT

PLAIN

PLAIN-START

ldap

PLAIN TEXT

PLAIN

PLAIN-START

kerberos

GSSAPI

GSSAPI

GSSAPI-START

To maintain backward compatibility the AuthProvider should check that the calling authenticator () is com.datastax.bdp.cassandra.auth.DseAuthenticator before sending a mechanism challenge. For any other authenticator it should skip this step and send the initial SASL response.

Environment

None

Pull Requests

None

Activity

Show:
Adam Holmberg
December 17, 2015, 9:58 AM

Working branch is dse

Greg Bestland
January 16, 2016, 5:01 AM

One small thing I noticed while testing is that the underlying puresasl library requires kerberos in order to support GSSAPI, however that is not an explicit dependency.

Instead you end up with a somewhat cyrptic error that looks like this.

I think we should provide the user with a more helpful message that indiciates they need to install kerberos to support GSSAPI, This could be done in our authenticator, or in the underlying puresasl library,

Alex Popescu
January 16, 2016, 6:17 AM

+1 for 's suggestion of improving the error message

Mike Adamson
January 18, 2016, 11:00 PM

Good idea because I just ran into this with someone today. I've created https://github.com/datastax/python-driver/pull/464 to throw a specific error if it can't import the kerberos library.

Adam Holmberg
January 20, 2016, 2:30 AM

merged. Thanks, Mike.

Fixed

Assignee

Unassigned

Reporter

Mike Adamson

Fix versions

Labels

PM Priority

None

External issue ID

None

Doc Impact

None

Reviewer

Adam Holmberg

Size

None

Pull Request

None

Components

Sprint

Py P-NEXT

Priority

Major