Open smallinsky opened 1 year ago
Current implementation of self-hosted Cassandra Teleport integration uses the password forwarding method that limits the integration and don't leverage teleport x509 for user authentication.
Cassandra auth interface provide ability to overwrite authentication method by writing custom plugging: https://github.com/VISSLM/CASSANDRA/commit/ac1bb75867a9a878a86d9b659234f78772627287#diff-c441683eaf563c141fae729e3017cce3b98a7763086dccb93f5970d505fd2f5eR80
https://github.com/scylladb/scylladb/issues/10099#issuecomment-1312732917 Investigate possible solution to leverage x509 authentication with custom Cassandra authentication plugin.
We shouldn't need the plugin once this lands: https://github.com/scylladb/scylladb/pull/12214
What
Current implementation of self-hosted Cassandra Teleport integration uses the password forwarding method that limits the integration and don't leverage teleport x509 for user authentication.
How
Cassandra auth interface provide ability to overwrite authentication method by writing custom plugging: https://github.com/VISSLM/CASSANDRA/commit/ac1bb75867a9a878a86d9b659234f78772627287#diff-c441683eaf563c141fae729e3017cce3b98a7763086dccb93f5970d505fd2f5eR80
https://github.com/scylladb/scylladb/issues/10099#issuecomment-1312732917 Investigate possible solution to leverage x509 authentication with custom Cassandra authentication plugin.