[CASSANDRA-17334] Pre hashed passwords in CQL - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Normal
Resolution: Fixed
Fix Version/s: 4.1-alpha1, 4.1
Component/s: Feature/Authorization
Labels:
None

Change Category:
Operability
Complexity:
Normal
Platform:

All
Impacts:

None
Source Control Link:

https://github.com/apache/cassandra/commit/30ad754d7e95501ffa916bf986e4cfda1aa5e441
Test and Documentation Plan:

Hide

See PR

Show
See PR

Description

As seen on ~~CASSANDRA-16801~~ and friends we are working across the system with plain text passwords. These can be unintentionally revealed by intermediate systems. Allowing the use of hashed passwords should mitigate that. The idea is to add a new option HASHED PASSWORD for CREATE/ALTER ROLE/USER. Examples:

CREATE ROLE foo WITH login = true AND hashed password = '$2a$10$JSJEMFm6GeaW9XxT5JIheuEtPvat6i7uKbnTcxX3c1wshIIsGyUtG';
ALTER ROLE foo WITH hashed password = '$2a$10$JSJEMFm6GeaW9XxT5JIheuEtPvat6i7uKbnTcxX3c1wshIIsGyUtG';

To generate the password hash, there will be a new tool hash_password in resources/cassandra/bin

Based on original works from snazy

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

cqlsh.diff
03/Mar/22 10:45
2 kB
Berenguer Blasi

Issue Links

is a child of

CASSANDRA-16801 PasswordObfuscator should not assume PASSWORD is the last item in the WITH clause

Resolved

is a parent of

CASSANDRA-17494 Pre hashed passwords in CQL docs

Resolved

CASSANDRA-17457 CEP-24 - Password validation/generation

Resolved

is related to

CASSANDRA-18237 Write documentation for hashed passwords

Triage Needed

links to

CASSANDRA-17334 PR trunk

Activity

People

Assignee:: Berenguer Blasi

Reporter:: Berenguer Blasi

Authors:: Berenguer Blasi

Reviewers:: Andres de la Peña

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 02/Feb/22 09:49

Updated:: 06/Feb/23 03:43

Resolved:: 23/Mar/22 06:30

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

5h 40m