Using password authentication or the cassandra@REALM Kerberos principal to create
Kerberos users.
DataStax Enterprise automatically creates a cassandra
superuser,
which you can authenticate as and use cqlsh to create other
users.
Procedure
-
In the file, set the password
authenticator:
authenticator: org.apache.cassandra.auth.PasswordAuthenticator
-
Start cqlsh and login using the superuser name and
password:
$ ./cqlsh -u cassandra -p cassandra
-
Create the other Kerberos users, such as
user@REALM
. Be sure
to create at least one with superuser privileges.
cqlsh> create user 'art3mis@EXAMPLE.COM' SUPERUSER;
- Optional:
(Highly recommended.) Remove the
cassandra
user. See DROP USER.
-
Re-enable Kerberos authorization in the cassandra.yaml
file:
authenticator: com.datastax.bdp.cassandra.auth.KerberosAuthenticator
The location of the
cassandra.yaml file depends on
the type of installation:
Package installations |
/etc/cassandra/cassandra.yaml |
Tarball installations |
install_location/resources/cassandra/conf/cassandra.yaml |