Steps to configure internal authentication and authorization.
You must set internal authentication and authorization at the same time. After setting the Authorizer and the Authenticator in the cassandra.yaml file, you can set object permissions, as described in Managing object permissions using internal authorization.
Procedure
- Change the authenticator option in the cassandra.yaml file to the native Cassandra PasswordAuthenticator by uncommenting only the PasswordAuthenticator:

    authenticator: org.apache.cassandra.auth.PasswordAuthenticator

  You can use any authenticator except AllowAll.
- Change the authorizer option by commenting out the AllowAllAuthorizer and adding the CassandraAuthorizer:

    #authorizer: org.apache.cassandra.auth.AllowAllAuthorizer
    authorizer: org.apache.cassandra.auth.CassandraAuthorizer

- Restart the node.
- Configure the system_auth keyspace replication factor.

  Fetching permissions can be an expensive operation. If necessary, adjust the validity period for permissions caching by setting the permissions_validity_in_ms option in the cassandra.yaml file. You can also disable permission caching by setting this option to 0.
- Run a full repair of the system_auth keyspace.
- Start cqlsh using the same superuser name and password (cassandra) that you use to start the supported client. For example, to start cqlsh in CQL 3 mode on Linux:

    ./cqlsh -u cassandra -p cassandra

  You can now change the superuser's user name and password.
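
A check for the first two steps and the caching option, written as an added example that is not part of the original documentation: it reads a cassandra.yaml and fails when either the authenticator or the authorizer is still an AllowAll class, which catches the case where only one of the two was changed. The function names and the sample configuration are constructed for illustration, and treating an unset option as the AllowAll default is an assumption.

```shell
#!/bin/sh
# Added example (not from the Cassandra docs): audit a cassandra.yaml for the
# authenticator/authorizer settings from the procedure above.

# Print the value of the last uncommented top-level "key: value" line, if any.
yaml_value() {  # $1 = key, $2 = file
    sed -n "s/^$1:[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$2" | tail -n 1
}

# Return 0 only when authentication and authorization are both enabled.
# Assumption: an unset option is treated as the permissive AllowAll default.
audit_cassandra_auth() {  # $1 = path to cassandra.yaml
    rc=0
    authn=$(yaml_value authenticator "$1")
    authz=$(yaml_value authorizer "$1")
    ttl=$(yaml_value permissions_validity_in_ms "$1")

    case "${authn##*.}" in   # compare on the class name without its package
        ""|AllowAllAuthenticator)
            echo "FAIL authenticator: '${authn:-unset}' accepts any login"; rc=1 ;;
        *)  echo "OK   authenticator: $authn" ;;
    esac
    case "${authz##*.}" in
        ""|AllowAllAuthorizer)
            echo "FAIL authorizer: '${authz:-unset}' grants every permission"; rc=1 ;;
        *)  echo "OK   authorizer: $authz" ;;
    esac
    # 0 disables the permissions cache, so permissions are fetched every time.
    if [ "$ttl" = "0" ]; then
        echo "NOTE permissions_validity_in_ms: 0 (permission caching disabled)"
    fi
    return $rc
}

# Constructed sample: authenticator switched, authorizer left at AllowAll.
sample=$(mktemp)
printf '%s\n' \
    'authenticator: org.apache.cassandra.auth.PasswordAuthenticator' \
    '#authorizer: org.apache.cassandra.auth.CassandraAuthorizer' \
    'authorizer: org.apache.cassandra.auth.AllowAllAuthorizer' \
    'permissions_validity_in_ms: 2000' > "$sample"
# Audits the file given as the first argument, or the sample when none is given.
audit_cassandra_auth "${1:-$sample}" || echo "=> internal auth is not fully enabled"
rm -f "$sample"
```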