mirrors/scylladb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ef795eda5b6030efc5eb2da8c705d2ffbc72868d
scylladb/auth
History
Dario Mirovic fd17dcbec8 auth: do not create default 'cassandra:cassandra' superuser 
Changes the behavior of default superuser creation.
Previously, without configuration 'cassandra:cassandra' credentials
were used. Now default superuser creation is skipped if not configured.

The two ways to create default superuser are:
- Config file - auth_superuser_name and auth_superuser_salted_password fields
- Maintenance socket - connect over maintenance socket and CREATE/ALTER ROLE ...

Behavior changes:

Old behavior:
- No config - 'cassandra:cassandra' created
- auth_superuser_name only - <name>:cassandra created
- auth_superuser_salted_password only - 'cassandra:<password>' created
- Both specified - '<name>:<password>' created

New behavior:
- No config - no default superuser
    - Requires maintenance socket setup
- auth_superuser_name only - '<name>:' created WITHOUT password
    - Requires maintenance socket setup
- auth_superuser_salted_password only - no default superuser
- Both specified - '<name>:<password>' created

Fixes SCYLLADB-409
2026-03-03 23:42:25 +01:00
..
allow_all_authenticator.cc
auth: remove class registrator usage
2026-03-03 22:31:35 +01:00
allow_all_authenticator.hh
Revert "auth: move passwords::check call to alien thread"
2025-12-10 15:36:09 +01:00
allow_all_authorizer.cc
auth: remove class registrator usage
2026-03-03 22:31:35 +01:00
allow_all_authorizer.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
authenticated_user.cc
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
authenticated_user.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
authentication_options.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
authenticator.cc
Introduce LDAP role manager & saslauthd authenticator
2025-01-12 14:50:29 +02:00
authenticator.hh
auth: ensure default superuser password is set before serving CQL
2025-02-06 10:30:55 +01:00
authorizer.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
cache.cc
auth: cache: fix permissions iterator invalidation in reload_all_permissions
2026-02-23 12:14:22 +01:00
cache.hh
auth: add cache size metrics
2026-02-17 18:18:40 +01:00
certificate_authenticator.cc
auth: remove class registrator usage
2026-03-03 22:31:35 +01:00
certificate_authenticator.hh
auth: remove class registrator usage
2026-03-03 22:31:35 +01:00
CMakeLists.txt
auth: enable role management operations via maintenance socket
2026-03-03 23:41:05 +01:00
common.cc
auth: always catch by const reference
2025-12-11 12:42:30 +01:00
common.hh
auth: move table names to common.hh
2025-11-26 12:00:50 +01:00
default_authorizer.cc
auth: remove class registrator usage
2026-03-03 22:31:35 +01:00
default_authorizer.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
ldap_role_manager.cc
auth: remove class registrator usage
2026-03-03 22:31:35 +01:00
ldap_role_manager.hh
auth: remove class registrator usage
2026-03-03 22:31:35 +01:00
maintenance_socket_authenticator.cc
auth: enable role management operations via maintenance socket
2026-03-03 23:41:05 +01:00
maintenance_socket_authenticator.hh
auth: enable role management operations via maintenance socket
2026-03-03 23:41:05 +01:00
maintenance_socket_role_manager.cc
auth: enable role management operations via maintenance socket
2026-03-03 23:41:05 +01:00
maintenance_socket_role_manager.hh
auth: enable role management operations via maintenance socket
2026-03-03 23:41:05 +01:00
password_authenticator.cc
auth: do not create default 'cassandra:cassandra' superuser
2026-03-03 23:42:25 +01:00
password_authenticator.hh
auth: do not create default 'cassandra:cassandra' superuser
2026-03-03 23:42:25 +01:00
passwords.cc
auth: change return type of passwords::check to future
2025-12-10 15:36:18 +01:00
passwords.hh
auth: remove confusing deprecation msg from hash_with_salt
2026-01-12 10:12:54 +01:00
permission.cc
auth: add a new permission VECTOR_SEARCH_INDEXING
2025-10-03 16:36:54 +02:00
permission.hh
auth: add a new permission VECTOR_SEARCH_INDEXING
2025-10-03 16:36:54 +02:00
resource.cc
auth: add a new permission VECTOR_SEARCH_INDEXING
2025-10-03 16:36:54 +02:00
resource.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
role_manager.hh
auth: enable role management operations via maintenance socket
2026-03-03 23:41:05 +01:00
role_or_anonymous.cc
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
role_or_anonymous.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
roles-metadata.cc
auth: mark some auth-v1 functions as legacy
2025-09-26 14:40:53 +02:00
roles-metadata.hh
auth: mark some auth-v1 functions as legacy
2025-09-26 14:40:53 +02:00
sasl_challenge.cc
audit: Add service level support to CQL login process
2025-01-15 11:10:36 +01:00
sasl_challenge.hh
audit: Add service level support to CQL login process
2025-01-15 11:10:36 +01:00
saslauthd_authenticator.cc
auth: remove class registrator usage
2026-03-03 22:31:35 +01:00
saslauthd_authenticator.hh
Revert "auth: move passwords::check call to alien thread"
2025-12-10 15:36:09 +01:00
service.cc
auth: enable role management operations via maintenance socket
2026-03-03 23:41:05 +01:00
service.hh
auth: enable role management operations via maintenance socket
2026-03-03 23:41:05 +01:00
standard_role_manager.cc
auth: do not create default 'cassandra:cassandra' superuser
2026-03-03 23:42:25 +01:00
standard_role_manager.hh
auth: switch find_record to use cache
2026-01-26 16:04:11 +01:00
transitional.cc
auth: remove class registrator usage
2026-03-03 22:31:35 +01:00
transitional.hh
auth: remove class registrator usage
2026-03-03 22:31:35 +01:00