cassandra.auth - Authentication
class AuthProvider
An abstract class that defines the interface that will be used for
creating Authenticator instances when opening new
connections to Cassandra.
Methods
new_authenticator
(host)Implementations of this class should return a new instance
of Authenticator or one of its subclasses.
class Authenticator
An abstract class that handles SASL authentication with Cassandra servers.
Each time a new connection is created and the server requires authentication,
a new instance of this class will be created by the corresponding
AuthProvider to handler that authentication. The lifecycle of the
new Authenticator will the be:
1) The initial_response() method will be called. The return
value will be sent to the server to initiate the handshake.
2) The server will respond to each client response by either issuing a
challenge or indicating that the authentication is complete (successful or not).
If a new challenge is issued, evaluate_challenge()
will be called to produce a response that will be sent to the
server. This challenge/response negotiation will continue until the server
responds that authentication is successful (or an AuthenticationFailed
is raised).
3) When the server indicates that authentication is successful,
on_authentication_success() will be called a token string that
that the server may optionally have sent.
The exact nature of the negotiation between the client and server is specific to the authentication mechanism configured server-side.
New in version 2.0.0.Attributes
server_authenticator_class
= NoneSet during the connection AUTHENTICATE phase
Methods
initial_response
()Returns an message to send to the server to initiate the SASL handshake.
None may be returned to send an empty message.
evaluate_challenge
(challenge)Called when the server sends a challenge message. Generally, this method
should return None when authentication is complete from a
client perspective. Otherwise, a string should be returned.
on_authentication_success
(token)Called when the server indicates that authentication was successful.
Depending on the authentication mechanism, token may be None
or a string.
class PlainTextAuthProvider
An AuthProvider that works with Cassandra’s PasswordAuthenticator.
Example usage:
from cassandra.cluster import Cluster
from cassandra.auth import PlainTextAuthProvider
auth_provider = PlainTextAuthProvider(
username='cassandra', password='cassandra')
cluster = Cluster(auth_provider=auth_provider)
Methods
new_authenticator
(host)Implementations of this class should return a new instance
of Authenticator or one of its subclasses.
class PlainTextAuthenticator
An Authenticator that works with Cassandra’s PasswordAuthenticator.
Methods
initial_response
()Returns an message to send to the server to initiate the SASL handshake.
None may be returned to send an empty message.
evaluate_challenge
(challenge)Called when the server sends a challenge message. Generally, this method
should return None when authentication is complete from a
client perspective. Otherwise, a string should be returned.
class SaslAuthProvider
An AuthProvider supporting general SASL auth mechanisms
Suitable for GSSAPI or other SASL mechanisms
Example usage:
from cassandra.cluster import Cluster
from cassandra.auth import SaslAuthProvider
sasl_kwargs = {'service': 'something',
'mechanism': 'GSSAPI',
'qops': 'auth'.split(',')}
auth_provider = SaslAuthProvider(**sasl_kwargs)
cluster = Cluster(auth_provider=auth_provider)
Methods
new_authenticator
(host)Implementations of this class should return a new instance
of Authenticator or one of its subclasses.
class SaslAuthenticator
A pass-through Authenticator using the third party package
‘pure-sasl’ for authentication
Methods
initial_response
()Returns an message to send to the server to initiate the SASL handshake.
None may be returned to send an empty message.
evaluate_challenge
(challenge)Called when the server sends a challenge message. Generally, this method
should return None when authentication is complete from a
client perspective. Otherwise, a string should be returned.