Creating Kerberos users

Steps to create Kerberos users.

The location of the cassandra.yaml file depends on the type of installation:
Package installations /etc/dse/cassandra/cassandra.yaml
Tarball installations install_location/resources/cassandra/conf/cassandra.yaml

Steps to create Kerberos users.

Procedure

  1. In the cassandra.yaml file, set the password authenticator:
    authenticator: org.apache.cassandra.auth.PasswordAuthenticator
  2. Start cqlsh and login using the superuser name and password:
    $ ./cqlsh -u cassandra -p cassandra
  3. Create the other Kerberos users, such as user@REALM. Be sure to create at least one user with superuser privileges.
    cqlsh> create user 'newuser@YOURREALM' with password 'secret123' SUPERUSER;
  4. (Highly recommended.) Remove the cassandra user. See DROP USER.
  5. Re-enable Kerberos authorization in the cassandra.yaml file:
    authenticator: com.datastax.bdp.cassandra.auth.KerberosAuthenticator
  6. When you create new users with Kerberos authentication enabled, you do not specify a password for the new user.
    cqlsh> create user 'newuser@YOURREALM';