Sunday, May 24, 2015

Creating a New User in Cassandra Database

Introduction...

Hi All,

Recently I was working on user authentication of DSE(DataStax Enterprise[1]) Cassandra and I noticed that any username and password allowed me to access the cassandra cluster. So I looked into the docs and saw that there are several authenticators[2].

By default the used authenticator is the "org.apache.cassandra.auth.AllowAllAuthorizer" authenticator which allowed access with any username and password. So to create a user and grant permissions, you can follow these steps...

Steps...

Shutdown the Cassandra cluster(can use kill -9) if it is already running and the modify the cassandra.yaml file. If you are using DSE cassandra, it will reside in "<DSE_HOME>/resources/cassandra/conf/cassandra.yaml". Else if you are using Apache Cassandra, it will reside in "<APACHE_CASSANDRA_HOME>/conf/cassandra.yaml".

Modify the file in a way that "org.apache.cassandra.auth.AllowAllAuthorizer" authenticator is commented and add "org.apache.cassandra.auth.PasswordAuthenticator" authenticator[3].
#authenticator: AllowAllAuthenticator
authenticator: PasswordAuthenticator

By default, Cassandra has a user with username as "cassandra" and password as "cassandra" which can be used to create a new user using "cqlsh" tool[4]. Login using the "cqlsh" tool by executing the following command.

./cqlsh localhost -u cassandra -p cassandra

After the cqlsh console is opened, to get the current list of users run the following command.

list users;

To create a new user, run the following command. Here the username is "myUserName" and the password is "myPassword".

CREATE USER myUserName WITH PASSWORD 'myPassword' SUPERUSER;

The above user will get created with superuser privileges. The newly created user should be there when running the "list users;" command again.

Goodluck!!!

References...

[1] - http://www.datastax.com/products/products-index
[2] - http://docs.datastax.com/en/cassandra/1.2/cassandra/security/secure_config_native_authorize_t.html
[3] - http://www.datastax.com/dev/blog/a-quick-tour-of-internal-authentication-and-authorization-security-in-datastax-enterprise-and-apache-cassandra
[4] - http://docs.datastax.com/en/cassandra/1.2/cassandra/security/security_config_native_authenticate_t.html

1 comment:

  1. I really appreciate information shared above. It’s of great help. If someone want to learn Online (Virtual) instructor lead live training in TECHNOLOGY , kindly contact us http://www.maxmunus.com/contact
    MaxMunus Offer World Class Virtual Instructor-led training on TECHNOLOGY. We have industry expert trainer. We provide Training Material and Software Support. MaxMunus has successfully conducted 100000+ pieces of training in India, USA, UK, Australia, Switzerland, Qatar, Saudi Arabia, Bangladesh, Bahrain and UAE etc.
    For Demo Contact us.
    Pratik Shekhar
    MaxMunus
    E-mail: pratik@maxmunus.com
    Ph:(0) +91 9066268701
    http://www.maxmunus.com/

    ReplyDelete