Sunday, May 24, 2015

Creating a New User in Cassandra Database

Introduction...

Hi All,

Recently I was working on user authentication of DSE(DataStax Enterprise[1]) Cassandra and I noticed that any username and password allowed me to access the cassandra cluster. So I looked into the docs and saw that there are several authenticators[2].

By default the used authenticator is the "org.apache.cassandra.auth.AllowAllAuthorizer" authenticator which allowed access with any username and password. So to create a user and grant permissions, you can follow these steps...

Steps...

Shutdown the Cassandra cluster(can use kill -9) if it is already running and the modify the cassandra.yaml file. If you are using DSE cassandra, it will reside in "<DSE_HOME>/resources/cassandra/conf/cassandra.yaml". Else if you are using Apache Cassandra, it will reside in "<APACHE_CASSANDRA_HOME>/conf/cassandra.yaml".

Modify the file in a way that "org.apache.cassandra.auth.AllowAllAuthorizer" authenticator is commented and add "org.apache.cassandra.auth.PasswordAuthenticator" authenticator[3].
#authenticator: AllowAllAuthenticator
authenticator: PasswordAuthenticator

By default, Cassandra has a user with username as "cassandra" and password as "cassandra" which can be used to create a new user using "cqlsh" tool[4]. Login using the "cqlsh" tool by executing the following command.

./cqlsh localhost -u cassandra -p cassandra

After the cqlsh console is opened, to get the current list of users run the following command.

list users;

To create a new user, run the following command. Here the username is "myUserName" and the password is "myPassword".

CREATE USER myUserName WITH PASSWORD 'myPassword' SUPERUSER;

The above user will get created with superuser privileges. The newly created user should be there when running the "list users;" command again.

Goodluck!!!

References...

[1] - http://www.datastax.com/products/products-index
[2] - http://docs.datastax.com/en/cassandra/1.2/cassandra/security/secure_config_native_authorize_t.html
[3] - http://www.datastax.com/dev/blog/a-quick-tour-of-internal-authentication-and-authorization-security-in-datastax-enterprise-and-apache-cassandra
[4] - http://docs.datastax.com/en/cassandra/1.2/cassandra/security/security_config_native_authenticate_t.html

1 comment:

  1. Thank you for sharing such knowledgeable post its not only helpful for the old but also new student for better preparation. I just share your post with my friends so that they can also read your post. Cassandra Certification Online Course.

    ReplyDelete