{"id":15056859,"url":"https://github.com/instaclustr/cassandra-java-driver-kerberos","last_synced_at":"2025-10-10T23:40:55.664Z","repository":{"id":56076850,"uuid":"150053944","full_name":"instaclustr/cassandra-java-driver-kerberos","owner":"instaclustr","description":"GSS-API authenticator plugin for the Apache Cassandra Java driver","archived":false,"fork":false,"pushed_at":"2020-11-27T09:29:06.000Z","size":81,"stargazers_count":4,"open_issues_count":0,"forks_count":1,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-07-03T23:48:02.851Z","etag":null,"topics":["apache","apache-cassandra","auth","authentication","authenticator","cassandra","gssapi-authentication","kdc","kerberos","netapp-public"],"latest_commit_sha":null,"homepage":"https://instaclustr.com","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/instaclustr.png","metadata":{"files":{"readme":"README.adoc","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-09-24T04:26:18.000Z","updated_at":"2023-12-08T03:15:54.000Z","dependencies_parsed_at":"2022-08-15T12:40:51.233Z","dependency_job_id":null,"html_url":"https://github.com/instaclustr/cassandra-java-driver-kerberos","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/instaclustr/cassandra-java-driver-kerberos","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/instaclustr%2Fcassandra-java-driver-kerberos","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/instaclustr%2Fcassandra-java-driver-kerberos/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/instaclustr%2Fcassandra-java-driver-kerberos/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/instaclustr%2Fcassandra-java-driver-kerberos/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/instaclustr","download_url":"https://codeload.github.com/instaclustr/cassandra-java-driver-kerberos/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/instaclustr%2Fcassandra-java-driver-kerberos/sbom","scorecard":{"id":489936,"data":{"date":"2025-08-11","repo":{"name":"github.com/instaclustr/cassandra-java-driver-kerberos","commit":"406527cf91ba28b623331ee52922a631332e2e0c"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":9,"reason":"binaries present in source code","details":["Warn: binary detected: .mvn/wrapper/maven-wrapper.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":1,"reason":"Found 2/18 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":4,"reason":"1 out of the last 2 releases have a total of 1 signed artifacts.","details":["Warn: release artifact v3.0.0 not signed: https://api.github.com/repos/instaclustr/cassandra-java-driver-kerberos/releases/34482559","Info: signed release artifact: cassandra-driver-kerberos-1.0.0.jar.asc: https://github.com/instaclustr/cassandra-java-driver-kerberos/releases/tag/v1.0.0","Warn: release artifact v3.0.0 does not have provenance: https://api.github.com/repos/instaclustr/cassandra-java-driver-kerberos/releases/34482559","Warn: release artifact v1.0.0 does not have provenance: https://api.github.com/repos/instaclustr/cassandra-java-driver-kerberos/releases/13724392"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 10 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"15 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-h46c-h94j-95f3","Warn: Project is vulnerable to: GHSA-wf8f-6423-gfxg","Warn: Project is vulnerable to: GHSA-3x8x-79m2-3w2w","Warn: Project is vulnerable to: GHSA-57j2-w4cx-62h2","Warn: Project is vulnerable to: GHSA-jjjh-jjxp-wpff","Warn: Project is vulnerable to: GHSA-rgv9-q543-rqg4","Warn: Project is vulnerable to: GHSA-pvp8-3xj6-8c6x","Warn: Project is vulnerable to: GHSA-j288-q9x7-2f5v","Warn: Project is vulnerable to: GHSA-9vjp-v76f-g363","Warn: Project is vulnerable to: GHSA-grg4-wf29-r9vv","Warn: Project is vulnerable to: GHSA-389x-839f-4rhx","Warn: Project is vulnerable to: GHSA-xq3w-v528-46rv","Warn: Project is vulnerable to: GHSA-6mjq-h674-j845","Warn: Project is vulnerable to: GHSA-3vqj-43w4-2q58","Warn: Project is vulnerable to: GHSA-4jq9-2xhw-jpx7"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T18:49:38.491Z","repository_id":56076850,"created_at":"2025-08-19T18:49:38.491Z","updated_at":"2025-08-19T18:49:38.491Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279005577,"owners_count":26083920,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["apache","apache-cassandra","auth","authentication","authenticator","cassandra","gssapi-authentication","kdc","kerberos","netapp-public"],"created_at":"2024-09-24T21:57:12.975Z","updated_at":"2025-10-10T23:40:55.631Z","avatar_url":"https://github.com/instaclustr.png","language":"Java","funding_links":[],"categories":["Packages"],"sub_categories":["Tools"],"readme":"== Cassandra Java Driver Kerberos Authenticator\n\nimage:https://img.shields.io/maven-central/v/com.instaclustr/cassandra-driver-kerberos.svg?label=Maven%20Central[link=https://search.maven.org/search?q=g:%22com.instaclustr%22%20AND%20a:%22cassandra-driver-kerberos%22\"]\nimage:https://circleci.com/gh/instaclustr/cassandra-java-driver-kerberos.svg?style=svg[\"Instaclustr\",link=\"https://circleci.com/gh/instaclustr/cassandra-java-driver-kerberos\"]\n\nA GSSAPI authentication provider for the https://github.com/datastax/java-driver[Cassandra Java driver].\n\nThis driver plugin is intended to work with the\nhttps://github.com/instaclustr/cassandra-kerberos[Cassandra kerberos authenticator] plugin for https://cassandra.apache.org/[Apache Cassandra].\n\n=== Usage\n\nThe authenticator is distributed via Maven Central. To use, add the following dependency to your POM:\n\n----\n\u003cdependency\u003e\n  \u003cgroupId\u003ecom.instaclustr\u003c/groupId\u003e\n  \u003cartifactId\u003ecassandra-driver-kerberos\u003c/artifactId\u003e\n  \u003cversion\u003e3.0.0\u003c/version\u003e\n\u003c/dependency\u003e\n----\n\n=== Pre-requisite setup steps\n\n- A Kerberos 5 KDC server is available\n- An NTP client is installed \u0026 configured on the application host, each Cassandra node, and the KDC. Ideally the application host syncs\nwith the same time source as the KDC \u0026 Cassandra nodes in order to minimise potential time-sync issues.\n- If using Oracle Java, ensure that the https://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html[Java Cryptographic Extensions Unlimited Strength Jurisdiction Policy Files]\nare installed (not necessary when using OpenJDK or other JRE implementations)\n- Follow the instructions https://github.com/instaclustr/cassandra-kerberos[here] to configure a Cassandra cluster for Kerberos authentication.\n\nConfigure the `/etc/krb5.conf` Kerberos config file (see http://web.mit.edu/kerberos/www/krb5-latest/doc/admin/conf_files/krb5_conf.html[here] for further details).\n\nAn example `krb5.conf` for the `EXAMPLE.COM` realm:\n\n----\n[logging]\ndefault = FILE:/var/log/krb5libs.log\n\n[libdefaults]\n default_realm = EXAMPLE.COM\n dns_lookup_realm = false\n dns_lookup_kdc = false\n\n[realms]\n EXAMPLE.COM = {\n  kdc = kdc.example.com\n  admin_server = kdc.example.com\n}\n\n[domain_realm]\n .example.com = EXAMPLE.COM\n example.com = EXAMPLE.COM\n----\n\nSee http://web.mit.edu/kerberos/www/krb5-latest/doc/admin/conf_files/krb5_conf.html[here] for further details.\n\n\n=== How to use the authenticator plugin\n\n**Note:** *Please read the javadoc for full details on how to configure \u0026 use the plugin.*\n\nThe plugin works with the https://github.com/datastax/java-driver[Cassandra Java driver]:\n\n----\n CqlSession session = CqlSession.builder()\n                        .addContactPoint(new InetSocketAddress(ipAddress, 9042))\n                        .withAuthProvider(new ProgrammaticKerberosAuthProvider(\n                            KerberosAuthOptions.builder().build()\n                        )).build();\n----\n\nYou may also configure the authenticator provider via file configuration as this driver builds\non top of Cassandra Driver version 4. Please consult Javadoc of `KerberosAuthProvider` to\nknow what configuration properties are available.\n\n----\n datastax-java-driver {\n    advanced.auth-provider {\n        class = com.instaclustr.cassandra.driver.auth.KerberosAuthProvider\n        ... options\n    }\n }\n----\n\nA JAAS config file is also required. The following example retrieves a TGT from the local Kerberos ticket cache:\n\n----\nCassandraJavaClient {\n   com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true;\n};\n----\n\nThis particular example requires that the Kerberos client libraries \u0026 tools (`kinit` in particular) are installed.\n\nThe location of the JAAS config file must be provided via the `java.security.auth.login.config` system property.\n\nFor example:  `java -Djava.security.auth.login.config=/path/to/jaas.conf -jar MyApplication.jar`\n\n=== Build\n\nIf you would like to build the JAR package from source, checkout this project and run `mvn clean package`.\n\nPlease see https://www.instaclustr.com/support/documentation/announcements/instaclustr-open-source-project-status/[status] for Instaclustr support status of this project.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finstaclustr%2Fcassandra-java-driver-kerberos","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Finstaclustr%2Fcassandra-java-driver-kerberos","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finstaclustr%2Fcassandra-java-driver-kerberos/lists"}