TransitionalAuthenticator and TransitionalAuthorizer allow internal authentication
and authorization to be enabled without downtime or modification to client code or
configuration.
The TransitionalAuthenticator and
TransitionalAuthorizer allow internal authentication and
authorization to be enabled without downtime or modification to client code or
configuration.
Procedure
-
On each node, in the file:
- Set the authenticator to
com.datastax.bdp.cassandra.auth.TransitionalAuthenticator.
- Set the authorizer to
com.datastax.bdp.cassandra.auth.TransitionalAuthorizer.
The location of the
cassandra.yaml file depends on
the type of installation:
Package installations |
/etc/cassandra/cassandra.yaml |
Tarball installations |
install_location/resources/cassandra/conf/cassandra.yaml |
-
Perform a rolling restart.
-
Run a full repair of the system_auth
keyspace
-
Once the restarts are complete, use cqlsh with the default superuser login to
setup the users, credentials, and permissions.
-
Once the setup is complete, edit the cassandra.yaml file again and perform
another rolling restart:
- Change the authenticator to
org.apache.cassandra.auth.PasswordAuthenticator.
- Change the authorizer to
org.apache.cassandra.auth.CassandraAuthorizer.
-
After the restarts have completed, remove the default superuser and create at least one new
superuser.