Steps to create Kerberos users.
The
location of the
cassandra.yaml file
depends on the type of installation:
| Installer-Services |
/etc/dse/cassandra/cassandra.yaml |
| Package installations |
/etc/dse/cassandra/cassandra.yaml |
| Installer-No Services |
install_location/resources/cassandra/conf/cassandra.yaml |
| Tarball installations |
install_location/resources/cassandra/conf/cassandra.yaml |
Follow these steps to create Kerberos users.
Procedure
-
Configure authentication as described in Configuring authentication.
Note: If both
internal and Kerberos authentication are enabled, you do not
need to create passwords for the users you create.
-
Start cqlsh and login using the superuser name and
password:
$ ./cqlsh -u cassandra -p cassandra
-
Create the other Kerberos users, such as
user@REALM. Be sure
to create at least one user with superuser privileges.
cqlsh> create role 'newuser@YOURREALM' with password='secret123' AND SUPERUSER = true;
-
(Highly recommended) Change the
default superuser.
-
Enable Kerberos authentication as described in Configuring authentication.
-
If you have also enabled internal authentication, do not specify a password when creating new
users.
cqlsh> create role 'newuser2@YOURREALM' LOGIN = true;
