Configure Cassandra Authentication
- refer to official page
Configurate the authenticator option
- edit
/etc/cassandra/cassandra.yaml
# search and the following setting
# default is AllowAllAuthenticator
authenticator: PasswordAuthenticator
Increase replication factor
- increase the
replication factorto prevent the only one node (default node count is 1) going down, refer to more info
# login the cassendra service
$ cqlsh localhost
- one datacenter increases the replication factors
# NetworkTopologyStrategy is better for the future extension
cqlsh > ALTER KEYSPACE system_auth WITH REPLICATION =
{'class' : 'NetworkTopologyStrategy', 'datacenter1' : 1 };
- multiple centers increase the replication factors
cqlsh > ALTER KEYSPACE system_auth WITH REPLICATION =
{'class' : 'NetworkTopologyStrategy', 'datacenter1' : 2, 'datacenter2' : 3 };
after increase the replication factors, on each affected node, run nodetool repair
$ nodetool repair
start cqlsh and check replication factor of the system_auth
# login the cassandra service
$ cqlsh localhost
# check replication factor
cqlsh > describe system_auth;
# ...
# CREATE KEYSPACE system_auth WITH replication = { (replication info) } AND durable_writes = true;
# ...
- restart the cassandra service
$ service cassandra restart
Create a new cqlsh user
# start and login cqlsh
$ cqlsh -u cassandra -p cassandra
# Create another superuser, not named cassandra.
# Three types of user creating as the following command
# CREATE USER spillman WITH PASSWORD 'Niner27';
# CREATE USER akers WITH PASSWORD 'Niner2' SUPERUSER;
# CREATE USER boone WITH PASSWORD 'Niner75' NOSUPERUSER;
cqlsh > CREATE USER spark WITH PASSWORD 'spark' SUPERUSER;
# modify the account cassandra password
cqlsh > alter user cassandra with password 'csdPWD';
# modify default cassandra superuser to nosuperuser
# by others superuser account
cqlsh > alter user cassandra nosuperuser;