Allow to specify different auth mechanisms #7988

locker · 2022-11-30T15:10:31Z

We need to provide the configuration API for specifying the authentication method:

Add a new dynamic box.cfg configuration option auth_type that will specify how authentication data is generated for new passwords. Default and the only allowed value is 'chap-sha1'.
Add a new net.box connection option auth_type that specifies the auth mechanism to use after establishing the connection.

#7986 should be done first.

The text was updated successfully, but these errors were encountered:

This commit adds a new box configuration option - box.cfg.auth_type. The option takes an authentication method name (string) that will be used by box.schema.user.passwd to generate user authentication data. The only authentication method supported by Community Edition (CE) is 'chap-sha1' so we don't document or announce this feature in CE. More methods and tests will be added to Enterprise Edition (EE). Part of tarantool#7988 NO_DOC=ee NO_CHANGELOG=ee

This commit adds a new option for net.box.connect - auth_type. The option takes an authentication method name (string) that will be used to authenticate the client on connect. Like user name and password, the new option may also be passed via uri parameters, e.g. net.connect('host:port', { user = 'user', password = 'password', auth_type = 'chap-sha1', }) net.connect('user:password@host:port?auth_type=chap-sha1') The only authentication method supported by Community Edition (CE) is 'chap-sha1' so we don't document or announce this feature in CE. More methods and tests will be added to Enterprise Edition (EE). Part of tarantool#7988 NO_DOC=ee NO_CHANGELOG=ee

The authentication method can be specified via the 'auth_type' uri parameter, e.g. box.cfg({replication = 'user:password@host:port?auth_type=chap-sha1'}) The only authentication method supported by Community Edition (CE) is 'chap-sha1' so we don't document or announce this feature in CE. More methods and tests will be added to Enterprise Edition (EE). Part of tarantool#7988 NO_DOC=ee NO_CHANGELOG=ee

This commit adds a new box configuration option - box.cfg.auth_type. The option takes an authentication method name (string) that will be used by box.schema.user.passwd to generate user authentication data. The only authentication method supported by Community Edition (CE) is 'chap-sha1' so we don't document or announce this feature in CE. More methods and tests will be added to Enterprise Edition (EE). Part of #7988 NO_DOC=ee NO_CHANGELOG=ee

This commit adds a new option for net.box.connect - auth_type. The option takes an authentication method name (string) that will be used to authenticate the client on connect. Like user name and password, the new option may also be passed via uri parameters, e.g. net.connect('host:port', { user = 'user', password = 'password', auth_type = 'chap-sha1', }) net.connect('user:password@host:port?auth_type=chap-sha1') The only authentication method supported by Community Edition (CE) is 'chap-sha1' so we don't document or announce this feature in CE. More methods and tests will be added to Enterprise Edition (EE). Part of #7988 NO_DOC=ee NO_CHANGELOG=ee

The authentication method can be specified via the 'auth_type' uri parameter, e.g. box.cfg({replication = 'user:password@host:port?auth_type=chap-sha1'}) The only authentication method supported by Community Edition (CE) is 'chap-sha1' so we don't document or announce this feature in CE. More methods and tests will be added to Enterprise Edition (EE). Part of #7988 NO_DOC=ee NO_CHANGELOG=ee

Since Tarantool master 2574ff1a configuring authentication type is supported [1-2]. Together with this, Tarantool EE had introduced pap-sha256 authentication method support [3-4]. It can be used only together with SSL transport. To configure, use `auth_type` option in Connection, MeshConnection or ConnectionPool. Newest master (there is no dev build in customer zone yet) supports providing authentication method via IPROTO_ID response. So in this patch we also move ID request to be executed before authentication. 1. tarantool/tarantool#7988 2. tarantool/tarantool#7989 3. tarantool/tarantool-ee#295 4. tarantool/tarantool-ee#322 Closes #269

locker added the feature A new functionality label Nov 30, 2022

locker self-assigned this Nov 30, 2022

This was referenced Nov 30, 2022

Add default auth mechanism to IPROTO_ID response #7989

Closed

Generate random salt for each new user #7990

Closed

oleg-jukovec mentioned this issue Dec 1, 2022

Implement PAP-SHA256 auth mechanism tarantool/go-tarantool#243

Closed

locker added the 2.11 Target is 2.11 and all newer release/master branches label Dec 9, 2022

locker mentioned this issue Dec 12, 2022

Allow to specify different auth mechanisms #8046

Merged

locker closed this as completed in #8046 Dec 13, 2022

DifferentialOrange mentioned this issue Dec 24, 2022

api: support authentication methods tarantool/tarantool-python#273

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Allow to specify different auth mechanisms #7988

Allow to specify different auth mechanisms #7988

locker commented Nov 30, 2022

Allow to specify different auth mechanisms #7988

Allow to specify different auth mechanisms #7988

Comments

locker commented Nov 30, 2022