Details
- New Feature
- Status: Closed
- Major
- Resolution: Fixed
- None
Description
The Redis AUTH command must be integrated with the Geode SecurityManager.
- Remove the Geode property compatible-with-redis-password that is currently being used for the Redis password.
- Add a new Geode property for the Redis default user ID, compatible-with-redis-username.
- When a user issues an AUTH command, the server must call the authenticate method on the customer's SecurityManager with the user (security-username property) and the user-provided password (security-password property), and properly handle the AuthenticationFailedException. If the AUTH command was called without a user, the value of compatible-with-redis-user should be used.**
- The Object/Principal returned from a successful authenticate method call must be cached, associated with the client connection, and available for reuse in subsequent authorization calls.
**When the AUTH command has a single argument (e.g. AUTH xxxxxx) the single argument is interpreted as a password/token and the default Redis user is used for authentication. When the AUTH command has two arguments (e.g. AUTH xxxxxx yyyyyy) the first argument is interpreted as a username and is used instead of the default Redis user. The second argument is interpreted as a password.
Acceptance Criteria
When a SecurityManager is configured, Redis clients that don't AUTH with a valid password cannot perform operations. Redis clients that do AUTH with a valid password can perform Redis operations. Until we support ACLs, use of the AUTH command with more than two arguments is invalid syntax.
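The AUTH handling in the description and the acceptance criteria, sketched as an added example (not Geode's own code). `SecurityManager` and `AuthenticationFailedException` here are local stand-ins for the Geode types, `ClientConnection` is a hypothetical class, and the reply strings and credentials are illustrative.

```java
import java.util.List;
import java.util.Properties;
public class RedisAuthExample {
  // Stand-ins for Geode's SecurityManager and AuthenticationFailedException
  // so the example compiles without Geode on the classpath.
  interface SecurityManager { Object authenticate(Properties credentials); }
  static class AuthenticationFailedException extends RuntimeException {}
  // Hypothetical per-connection state holding the cached principal.
  static class ClientConnection {
    private final SecurityManager securityManager;
    private final String defaultUser; // value of compatible-with-redis-username
    private Object principal;         // null until an AUTH succeeds
    ClientConnection(SecurityManager securityManager, String defaultUser) {
      this.securityManager = securityManager;
      this.defaultUser = defaultUser;
    }
    // args excludes the command name: [password] or [username, password].
    String auth(List<String> args) {
      if (args.isEmpty()) return "-ERR wrong number of arguments for 'auth' command";
      if (args.size() > 2) return "-ERR syntax error"; // no ACL support yet
      Properties creds = new Properties();
      creds.setProperty("security-username", args.size() == 2 ? args.get(0) : defaultUser);
      creds.setProperty("security-password", args.get(args.size() - 1));
      try {
        principal = securityManager.authenticate(creds); // cached for authorization
        return "+OK";
      } catch (AuthenticationFailedException e) {
        return "-WRONGPASS invalid username-password pair";
      }
    }
    // Every other command is refused until a principal is cached.
    String execute(String command) {
      return principal == null ? "-NOAUTH Authentication required." : "+OK " + command;
    }
  }
  public static void main(String[] argv) {
    // Constructed SecurityManager: accepts only "default" / "s3cret".
    SecurityManager sm = creds -> {
      if ("default".equals(creds.getProperty("security-username"))
          && "s3cret".equals(creds.getProperty("security-password"))) return "default";
      throw new AuthenticationFailedException();
    };
    ClientConnection conn = new ClientConnection(sm, "default");
    System.out.println(conn.execute("GET k")); // before any AUTH
    for (List<String> a : List.of(
        List.of("admin", "s3cret"), List.of("a", "b", "c"), List.of("s3cret")))
      System.out.println(conn.auth(a));
    System.out.println(conn.execute("GET k")); // after a successful AUTH
  }
}
```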
Issue Links
- blocks GEODE-9547 Enable Redis Server to Authorize Using Security Manager (Closed)