TransitionalAuthenticator and TransitionalAuthorizer allow internal authentication
and authorization to be enabled without downtime or modification to client code or
configuration.
The TransitionalAuthenticator and
TransitionalAuthorizer allow internal authentication and
authorization to be enabled without downtime or modification to client code or
configuration.
Procedure
-
On each node, in the cassandra.yaml file:
- Set the authenticator to
com.datastax.bdp.cassandra.auth.TransitionalAuthenticator.
- Set the authorizer to
com.datastax.bdp.cassandra.auth.TransitionalAuthorizer.
-
Perform a rolling restart.
-
Run a full repair of the system_auth
keyspace
-
Once the restarts are complete, use cqlsh with the default superuser login to
setup the users, credentials, and permissions.
-
Once the setup is complete, edit the cassandra.yaml file again and perform
another rolling restart:
- Change the authenticator to
org.apache.cassandra.auth.PasswordAuthenticator.
- Change the authorizer to
org.apache.cassandra.auth.CassandraAuthorizer.
-
After the restarts have completed, remove the default superuser and create at least one new
superuser.
