search

gravitational / teleport

The easiest, and most secure way to access and protect all of your infrastructure.
https://goteleport.com
GNU Affero General Public License v3.0
17.08k stars 1.72k forks source link

Cassandra x509 auth plugin #18421

Open smallinsky opened 1 year ago

smallinsky commented 1 year ago

What

Current implementation of self-hosted Cassandra Teleport integration uses the password forwarding method that limits the integration and don't leverage teleport x509 for user authentication.

How

Cassandra auth interface provide ability to overwrite authentication method by writing custom plugging: https://github.com/VISSLM/CASSANDRA/commit/ac1bb75867a9a878a86d9b659234f78772627287#diff-c441683eaf563c141fae729e3017cce3b98a7763086dccb93f5970d505fd2f5eR80

https://github.com/scylladb/scylladb/issues/10099#issuecomment-1312732917 Investigate possible solution to leverage x509 authentication with custom Cassandra authentication plugin.

Tener commented 1 year ago

We shouldn't need the plugin once this lands: https://github.com/scylladb/scylladb/pull/12214