mirror of
https://github.com/scylladb/scylladb.git
synced 2026-04-21 17:10:35 +00:00
206fdf2848
We introduce a way to create a role with explictly provided salted hash. The algorithm for creating a role with a password works like this: 1. The user issues a statement `CREATE ROLE <role> WITH PASSWORD = '<password>' <...>`. 2. Scylla produces a hash based on the value of `<password>`. 3. Scylla puts the produced hash in `system.roles`, in the column `salted_hash`. The newly introduced way to create a role is based on a new form of the create statement: `CREATE ROLE <role> WITH SALTED HASH = '<salted_hash>` The difference in the algorithm used for processing this statement is that we insert `<salted_hash>` into `system.roles` directly, without hashing it. The rationale for introducing this new statement is that we want to be able to restore roles. The original password isn't stored anywhere in the database (as intended), so we need to rely on the column `salted_hash`.