Configuring system_auth keyspace replication
The system_auth and dse_security keyspaces store security authentication and authorization information.
Cassandra uses the system_auth keyspace for storing security authentication and authorization information. If you use the following authenticator/authorizer, you must set the replication factor with a keyspace command such as ALTER KEYSPACE to prevent a potential problem logging into a secure cluster:
- authenticator: org.apache.cassandra.auth.PasswordAuthenticator: the users' hashed passwords in system_auth.credentials table
- authorizer: org.apache.cassandra.auth.CassandraAuthorizer: the users' permissions in system_auth.permissions table
Setting the replication factor
Do not use the default replication factor of 1 for the system_auth keyspace. In a multi-node cluster, using the default of 1 precludes logging into any node when the node that stores the user data is down. For most system_auth queries, Cassandra uses a consistency level of LOCAL_ONE and uses QUORUM for the default cassandrasuperuser; see Configuring data consistency.
Procedure
- SimpleStrategy
example:
ALTER KEYSPACE "system_auth" WITH REPLICATION = { 'class' : 'SimpleStrategy', 'replication_factor' : 3 };
- NetworkTopologyStrategy
example:
ALTER KEYSPACE "system_auth" WITH REPLICATION = {'class' : 'NetworkTopologyStrategy', 'dc1' : 3, 'dc2' : 2};