TransitionalAuthenticator and TransitionalAuthorizer allow internal authentication
and authorization to be enabled without downtime or modification to client code or
configuration.
The TransitionalAuthenticator and
TransitionalAuthorizer allow internal authentication and
authorization to be enabled without downtime or modification to client code or
configuration.
Procedure
-
On each node, in the file:
The location of the
cassandra.yaml file depends on
the type of installation:
Package installations |
/etc/dse/cassandra/cassandra.yaml |
Tarball installations |
install_location/resources/cassandra/conf/cassandra.yaml |
- Set the authenticator to
com.datastax.bdp.cassandra.auth.TransitionalAuthenticator.
- Set the authorizer to
com.datastax.bdp.cassandra.auth.TransitionalAuthorizer.
-
Perform a rolling restart.
-
Run a full repair of the system_auth
keyspace
-
After the restarts are complete, use cqlsh with the default superuser login to
setup the users, credentials, and permissions.
-
After the setup is complete, edit the cassandra.yaml file
again and perform another rolling restart:
- Change the authenticator to
org.apache.cassandra.auth.PasswordAuthenticator.
- Change the authorizer to
org.apache.cassandra.auth.CassandraAuthorizer.
-
After the restarts have completed, remove the default superuser and create at least one new
superuser.