Providing credentials for authentication

Authentication works with any combination of internal Cassandra password authentication, LDAP pass-through authentication, and Kerberos authentication.

Authentication is supported for use with dse commands and the dsetool utility.

Providing credentials

You can provide the credentials in several ways:

Command line

Provide login credentials on the command line:

$ dse [-u username -p password] [-f config_file] [-a jmx_username -b jmx_password] subcommand

dsetool dsetool [-l username -p password] [-f config_file] [-a jmx_username -b jmx_password] subcommand

where:

-f config_file is the path to a configuration file that stores credentials. If not specified, then use ~/.dserc if it exists.
The configuration file can contain Cassandra and JMX login credentials. For example:
```
username=cassandra
password=cassandra
jmx_username=cassandra
jmx_password=jmx
```
The credentials in the configuration file are stored in clear text. DataStax recommends restricting access to this file only to the specific user.
--ssl enables SSL encryption.
dse -u username is the user name to authenticate against the configured Cassandra user.
dsetool -l username is the user name to authenticate against the configured Cassandra user.
-p password is the password to authenticate against the configured Cassandra user. If you do not provide a password on the command line, you are prompted to enter one.
-a jmx_username is the user name for authenticating with secure JMX.
-b jmx_username is the password for authenticating with secure JMX. If you do not provide a password on the command line, you are prompted to enter one.

~/.dserc file

Create a file named .dserc in your home directory. The ~/.dserc file contains the Cassandra user name and password:

username=username
password=password

When you launch a password-protected tool and authentication is not provided on the command line, the credentials in the ~/.dserc file are used. The ~/.dserc is ignored when a configuration file is specified with -f.