Enabling cqlsh to use Kerberos

Install required packages to use cqlsh with Kerberos.

Install required packages to use cqlsh with Kerberos.

Prerequisites

To use cqlsh with a Kerberized cluster, you must install the python-pure-sasl packages and PyKerberos.
  • The python-pure-sasl package is a pure Python client-side SASL (Simple Authentication and Security Layer) implementation.
  • The PyKerberos package is a high-level wrapper for Kerberos (GSSAPI) operations.

Procedure

To use cqlsh with Kerberos:

  1. Set up Kerberos using the guidelines in Kerberos guidelines.
  2. Ensure that the Kerberos client is installed and configured in your Kerberos realm:
    RHEL-based platforms
    yum install krb5-workstation krb5-libs krb5-auth-dialog
    Debian-based platforms
    sudo apt-get install krb5-user
    Mac OS X
    See the documentation MIT Kerberos Consortium.
  3. Install pure-sasl:
    sudo pip install pure-sasl
  4. Install PyKerberos. Use only the python2[67]-kerberos RPM provided by rpm.datastax.com repository for RedHat.
    RHEL 6
    sudo yum install python26-kerberos
    RHEL 7
    sudo yum install python27-kerberos
    Note: RedHat EL7 might install a python-kerberos RPM that is distributed on its own official repository, but it is not compatible with cqlsh kerberos. You must use the python27-kerberos RPM from the rpm.datastax.com repository.
    Debian-based platforms
    sudo apt-get install python-kerberos
    Other platforms
    sudo pip install kerberos
  5. You must create the Kerberos user, such as user@REALM.
  6. Create a cqlshrc file in ~/.cassandra or client program ~/.cassandra directory.
  7. Specify the hostname when you login. When using Kerberos, the host is required.
    cqlsh [options] host [port]