Configuring system_auth keyspace replication

The system_auth and dse_security keyspaces store security authentication and authorization information.

Cassandra uses the system_auth keyspace for storing security authentication and authorization information. If you use the following authenticator/authorizer, you must set the replication factor with a keyspace command such as ALTER KEYSPACE to prevent a potential problem logging into a secure cluster:

  • authenticator: org.apache.cassandra.auth.PasswordAuthenticator: the users' hashed passwords in system_auth.credentials table
  • authorizer: org.apache.cassandra.auth.CassandraAuthorizer: the users' permissions in system_auth.permissions table

Setting the replication factor 

Do not use the default replication factor of 1 for the system_auth keyspace. In a multi-node cluster, using the default of 1 precludes logging into any node when the node that stores the user data is down. For most system_auth queries, Cassandra uses a consistency level of LOCAL_ONE and uses QUORUM for the default cassandrasuperuser; see Configuring data consistency.

Procedure

Set the replication factor based on one of the following examples depending on your environment:
  • SimpleStrategy example:
    ALTER KEYSPACE "system_auth"
       WITH REPLICATION = { 'class' : 'SimpleStrategy', 'replication_factor' : 3 };
  • NetworkTopologyStrategy example:
    ALTER KEYSPACE "system_auth"
       WITH REPLICATION = {'class' : 'NetworkTopologyStrategy', 'dc1' : 3, 'dc2' : 2};