Introduction...
Hi All,
Recently I was working on user authentication of DSE(DataStax Enterprise[1]) Cassandra and I noticed that any username and password allowed me to access the cassandra cluster. So I looked into the docs and saw that there are several authenticators[2].
By default the used authenticator is the "org.apache.cassandra.auth.AllowAllAuthorizer" authenticator which allowed access with any username and password. So to create a user and grant permissions, you can follow these steps...
Steps...
Shutdown the Cassandra cluster(can use kill -9) if it is already running and the modify the cassandra.yaml file. If you are using DSE cassandra, it will reside in "<DSE_HOME>/resources/cassandra/conf/cassandra.yaml". Else if you are using Apache Cassandra, it will reside in "<APACHE_CASSANDRA_HOME>/conf/cassandra.yaml".
Modify the file in a way that "org.apache.cassandra.auth.AllowAllAuthorizer" authenticator is commented and add "org.apache.cassandra.auth.PasswordAuthenticator" authenticator[3].#authenticator: AllowAllAuthenticator authenticator: PasswordAuthenticator
By default, Cassandra has a user with username as "cassandra" and password as "cassandra" which can be used to create a new user using "cqlsh" tool[4]. Login using the "cqlsh" tool by executing the following command.
./cqlsh localhost -u cassandra -p cassandra
After the cqlsh console is opened, to get the current list of users run the following command.
list users;
To create a new user, run the following command. Here the username is "myUserName" and the password is "myPassword".
CREATE USER myUserName WITH PASSWORD 'myPassword' SUPERUSER;
The above user will get created with superuser privileges. The newly created user should be there when running the "list users;" command again.
Goodluck!!!
References...
[1] - http://www.datastax.com/products/products-index[2] - http://docs.datastax.com/en/cassandra/1.2/cassandra/security/secure_config_native_authorize_t.html
[3] - http://www.datastax.com/dev/blog/a-quick-tour-of-internal-authentication-and-authorization-security-in-datastax-enterprise-and-apache-cassandra
[4] - http://docs.datastax.com/en/cassandra/1.2/cassandra/security/security_config_native_authenticate_t.html