Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/instaclustr/cassandra-java-driver-kerberos
GSS-API authenticator plugin for the Apache Cassandra Java driver
https://github.com/instaclustr/cassandra-java-driver-kerberos
apache apache-cassandra auth authentication authenticator cassandra gssapi-authentication kdc kerberos netapp-public
Last synced: about 1 month ago
JSON representation
GSS-API authenticator plugin for the Apache Cassandra Java driver
- Host: GitHub
- URL: https://github.com/instaclustr/cassandra-java-driver-kerberos
- Owner: instaclustr
- License: apache-2.0
- Created: 2018-09-24T04:26:18.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2020-11-27T09:29:06.000Z (almost 4 years ago)
- Last Synced: 2024-09-30T04:05:35.126Z (about 1 month ago)
- Topics: apache, apache-cassandra, auth, authentication, authenticator, cassandra, gssapi-authentication, kdc, kerberos, netapp-public
- Language: Java
- Homepage: https://instaclustr.com
- Size: 79.1 KB
- Stars: 4
- Watchers: 6
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.adoc
- License: LICENSE
Awesome Lists containing this project
README
== Cassandra Java Driver Kerberos Authenticator
image:https://img.shields.io/maven-central/v/com.instaclustr/cassandra-driver-kerberos.svg?label=Maven%20Central[link=https://search.maven.org/search?q=g:%22com.instaclustr%22%20AND%20a:%22cassandra-driver-kerberos%22"]
image:https://circleci.com/gh/instaclustr/cassandra-java-driver-kerberos.svg?style=svg["Instaclustr",link="https://circleci.com/gh/instaclustr/cassandra-java-driver-kerberos"]
A GSSAPI authentication provider for the https://github.com/datastax/java-driver[Cassandra Java driver].
This driver plugin is intended to work with the
https://github.com/instaclustr/cassandra-kerberos[Cassandra kerberos authenticator] plugin for https://cassandra.apache.org/[Apache Cassandra].
=== Usage
The authenticator is distributed via Maven Central. To use, add the following dependency to your POM:
----
com.instaclustr
cassandra-driver-kerberos
3.0.0
----
=== Pre-requisite setup steps
- A Kerberos 5 KDC server is available
- An NTP client is installed & configured on the application host, each Cassandra node, and the KDC. Ideally the application host syncs
with the same time source as the KDC & Cassandra nodes in order to minimise potential time-sync issues.
- If using Oracle Java, ensure that the https://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html[Java Cryptographic Extensions Unlimited Strength Jurisdiction Policy Files]
are installed (not necessary when using OpenJDK or other JRE implementations)
- Follow the instructions https://github.com/instaclustr/cassandra-kerberos[here] to configure a Cassandra cluster for Kerberos authentication.
Configure the `/etc/krb5.conf` Kerberos config file (see http://web.mit.edu/kerberos/www/krb5-latest/doc/admin/conf_files/krb5_conf.html[here] for further details).
An example `krb5.conf` for the `EXAMPLE.COM` realm:
----
[logging]
default = FILE:/var/log/krb5libs.log
[libdefaults]
default_realm = EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
EXAMPLE.COM = {
kdc = kdc.example.com
admin_server = kdc.example.com
}
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
----
See http://web.mit.edu/kerberos/www/krb5-latest/doc/admin/conf_files/krb5_conf.html[here] for further details.
=== How to use the authenticator plugin
**Note:** *Please read the javadoc for full details on how to configure & use the plugin.*
The plugin works with the https://github.com/datastax/java-driver[Cassandra Java driver]:
----
CqlSession session = CqlSession.builder()
.addContactPoint(new InetSocketAddress(ipAddress, 9042))
.withAuthProvider(new ProgrammaticKerberosAuthProvider(
KerberosAuthOptions.builder().build()
)).build();
----
You may also configure the authenticator provider via file configuration as this driver builds
on top of Cassandra Driver version 4. Please consult Javadoc of `KerberosAuthProvider` to
know what configuration properties are available.
----
datastax-java-driver {
advanced.auth-provider {
class = com.instaclustr.cassandra.driver.auth.KerberosAuthProvider
... options
}
}
----
A JAAS config file is also required. The following example retrieves a TGT from the local Kerberos ticket cache:
----
CassandraJavaClient {
com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true;
};
----
This particular example requires that the Kerberos client libraries & tools (`kinit` in particular) are installed.
The location of the JAAS config file must be provided via the `java.security.auth.login.config` system property.
For example: `java -Djava.security.auth.login.config=/path/to/jaas.conf -jar MyApplication.jar`
=== Build
If you would like to build the JAR package from source, checkout this project and run `mvn clean package`.
Please see https://www.instaclustr.com/support/documentation/announcements/instaclustr-open-source-project-status/[status] for Instaclustr support status of this project.