Create a superuser and other users in Cassandra.
DataStax Enterprise automatically creates a cassandra
superuser but
it is unlikely that this user will be available on the remote LDAP service. Use the
following steps to create a superuser and other users in Cassandra.
Procedure
-
In the file, set the
authenticator to
org.apache.cassandra.auth.PasswordAuthenticator.
The location of the
cassandra.yaml file depends on
the type of installation:
Package installations |
/etc/dse/cassandra/cassandra.yaml |
Tarball installations |
install_location/resources/cassandra/conf/cassandra.yaml |
authenticator: org.apache.cassandra.auth.PasswordAuthenticator
-
Start
cqlsh
and login using the superuser name and
password.
./cqlsh -u cassandra -p cassandra
-
Create the other LDAP users but give
them blank passwords. Be sure to create at least one with superuser privileges.
These users need to match the available users in the remote LDAP service.
-
Re-enable LDAP authorization in the cassandra.yaml
file.
authenticator: com.datastax.bdp.cassandra.auth.LdapAuthenticator
-
Login as the new superuser and delete the default
cassandra
user.
Note: This step is highly recommended to improve the security DataStax
Enterprise.
-
Enable LDAP authentication on each node
in the cluster.