Authentication — Cassandra Driver 3.13.0 documentation (original) (raw)

class cassandra.auth. AuthProvider[source]¶

An abstract class that defines the interface that will be used for creating Authenticator instances when opening new connections to Cassandra.

New in version 2.0.0.

new_authenticator(host)[source]¶

Implementations of this class should return a new instance of Authenticator or one of its subclasses.

class cassandra.auth. Authenticator[source]¶

An abstract class that handles SASL authentication with Cassandra servers.

Each time a new connection is created and the server requires authentication, a new instance of this class will be created by the correspondingAuthProvider to handler that authentication. The lifecycle of the new Authenticator will the be:

1. The initial_response() method will be called. The return value will be sent to the server to initiate the handshake.

2. The server will respond to each client response by either issuing a challenge or indicating that the authentication is complete (successful or not). If a new challenge is issued, evaluate_challenge()will be called to produce a response that will be sent to the server. This challenge/response negotiation will continue until the server responds that authentication is successful (or an AuthenticationFailedis raised).

3. When the server indicates that authentication is successful,on_authentication_success() will be called a token string that that the server may optionally have sent.

The exact nature of the negotiation between the client and server is specific to the authentication mechanism configured server-side.

New in version 2.0.0.

server_authenticator_class = None¶

Set during the connection AUTHENTICATE phase

initial_response()[source]¶

Returns an message to send to the server to initiate the SASL handshake.None may be returned to send an empty message.

evaluate_challenge(challenge)[source]¶

Called when the server sends a challenge message. Generally, this method should return None when authentication is complete from a client perspective. Otherwise, a string should be returned.

on_authentication_success(token)[source]¶

Called when the server indicates that authentication was successful. Depending on the authentication mechanism, token may be Noneor a string.

class cassandra.auth. PlainTextAuthProvider(username, password)[source]¶

An AuthProvider that works with Cassandra’s PasswordAuthenticator.

Example usage:

from cassandra.cluster import Cluster from cassandra.auth import PlainTextAuthProvider

auth_provider = PlainTextAuthProvider( username='cassandra', password='cassandra') cluster = Cluster(auth_provider=auth_provider)

New in version 2.0.0.

class cassandra.auth. PlainTextAuthenticator(username, password)[source]¶

An Authenticator that works with Cassandra’s PasswordAuthenticator.

New in version 2.0.0.

class cassandra.auth. SaslAuthProvider(**sasl_kwargs)[source]¶

An AuthProvider supporting general SASL auth mechanisms

Suitable for GSSAPI or other SASL mechanisms

Example usage:

from cassandra.cluster import Cluster from cassandra.auth import SaslAuthProvider

sasl_kwargs = {'service': 'something', 'mechanism': 'GSSAPI', 'qops': 'auth'.split(',')} auth_provider = SaslAuthProvider(**sasl_kwargs) cluster = Cluster(auth_provider=auth_provider)

New in version 2.1.4.

class cassandra.auth. SaslAuthenticator(host, service, mechanism='GSSAPI', **sasl_kwargs)[source]¶

A pass-through Authenticator using the third party package ‘pure-sasl’ for authentication

New in version 2.1.4.