ProgrammaticKerberosAuthProvider (Cassandra Kerberos Authenticator 3.0.0 API)

java.lang.Object
- com.instaclustr.cassandra.driver.auth.KerberosAuthProviderBase
- - com.instaclustr.cassandra.driver.auth.ProgrammaticKerberosAuthProvider

All Implemented Interfaces:

com.datastax.oss.driver.api.core.auth.AuthProvider, AutoCloseable
```
public class ProgrammaticKerberosAuthProvider
extends KerberosAuthProviderBase
```
An AuthProvider implementation that provides authentication via GSS-API.
Specify this auth provider when creating a new Cluster object, as follows:
```
 CqlSession session = CqlSession.builder()
                      .addContactPoint(new InetSocketAddress(ipAddress, 9042))
                      .withAuthProvider(new ProgrammaticKerberosAuthProvider(KerberosAuthOptions.builder().build())).build();
 
```
Kerberos configuration file
Ensure that the host has a valid Kerberos configuration file, with the Kerberos realm and KDC configured.
SASL protocol name
The SASL protocol name defaults to KerberosOption#DEFAULT_SASL_PROTOCOL. It can be configured using the builder as follows:
```
 CqlSession session = CqlSession.builder()
     .addContactPoint(new InetSocketAddress(ipAddress, 9042))
     .withAuthProvider(new ProgrammaticKerberosAuthProvider(KerberosAuthOptions.builder().withSaslProtocol("cassandra").build())).build();

 
```
The SASL protocol name must match the service principal configured for the Kerberos authenticator plugin for Apache Cassandra.
e.g. If your service principal is cassandra/node1.cluster.example.com@EXAMPLE.COM then the SASL protocol name must be cassandra.
Override SASL server name
The SASL client will use the canonical host name from the contact point IP address. To override this behavior, configured the builder with a custom ServerNameResolver as follows:
```
 CqlSession session = CqlSession.builder()
     .addContactPoint(new InetSocketAddress(ipAddress, 9042))
     .withAuthProvider(new ProgrammaticKerberosAuthProvider(KerberosAuthOptions.builder().withServerNameResolver(new CustomServerNameResolver()).build())).build();
 
```
JAAS configuration file
A JAAS configuration file with an entry named "CassandraJavaClient" must be provided in order to provide the configuration details of the GSS-API subject. Specify the location of the JAAS configuration file via the java.security.auth.login.config system property or by adding an entry in the java.security properties file (see here for more details). The following example JAAS configuration demonstrates Kerberos authentication via a TGT in the local ticket cache:
```
 CassandraJavaClient {
    com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true;
 };
 
```
The following example JAAS configuration demonstrates Kerberos authentication via a keytab:
```
 CassandraJavaClient {
     com.sun.security.auth.module.Krb5LoginModule required
          storeKey=true
          principal="principal@MYREALM.COM"
          useKeyTab=true
          keyTab="/path/to/principal.keytab";
 };
 
```

Nested Class Summary
- Nested classes/interfaces inherited from class com.instaclustr.cassandra.driver.auth.KerberosAuthProviderBase
  KerberosAuthProviderBase.KerberosAuthOptions, KerberosAuthProviderBase.KerberosOption

Constructor Summary

Constructors
Constructor and Description

ProgrammaticKerberosAuthProvider(KerberosAuthProviderBase.KerberosAuthOptions options)

Constructors
Constructor and Description
`ProgrammaticKerberosAuthProvider(KerberosAuthProviderBase.KerberosAuthOptions options)`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`protected KerberosAuthProviderBase.KerberosAuthOptions`	`getOptions(com.datastax.oss.driver.api.core.metadata.EndPoint endPoint)`

Methods inherited from class com.instaclustr.cassandra.driver.auth.KerberosAuthProviderBase
close, newAuthenticator, onMissingChallenge

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ProgrammaticKerberosAuthProvider

public ProgrammaticKerberosAuthProvider(KerberosAuthProviderBase.KerberosAuthOptions options)

Method Detail

getOptions

protected KerberosAuthProviderBase.KerberosAuthOptions getOptions(com.datastax.oss.driver.api.core.metadata.EndPoint endPoint)

Specified by:: getOptions in class KerberosAuthProviderBase

Class ProgrammaticKerberosAuthProvider

Kerberos configuration file

SASL protocol name

Override SASL server name

JAAS configuration file

Nested Class Summary

Nested classes/interfaces inherited from class com.instaclustr.cassandra.driver.auth.KerberosAuthProviderBase

Constructor Summary

Method Summary

Methods inherited from class com.instaclustr.cassandra.driver.auth.KerberosAuthProviderBase

Methods inherited from class java.lang.Object

Constructor Detail

ProgrammaticKerberosAuthProvider

Method Detail

getOptions