Enabling cqlsh for Kerberos security

Install required packages to use cqlsh with Kerberos.

Install required packages to use cqlsh with Kerberos.

Prerequisites

To use cqlsh with a Kerberized cluster, you must install the PyKerberos and python-pure-sasl packages.
  • The PyKerberos package is a high-level wrapper for Kerberos (GSSAPI) operations.
  • The python-pure-sasl package is a pure Python client-side SASL (Simple Authentication and Security Layer) implementation.
  • To set up Kerberos, follow the guidelines in Kerberos guidelines.
  • The Kerberos client must be installed and configured in your Kerberos realm:
    RHEL
    $ yum install krb5-workstation krb5-libs krb5-auth-dialog
    Ubuntu/Debian
    $ sudo apt-get install krb5-user
    Mac OS X
    See the documentation MIT Kerberos Consortium.

Procedure

To use cqlsh with Kerberos:

  1. Install pure-sasl:
    $ sudo pip install pure-sasl
  2. Install PyKerberos:
    RHEL
    $ sudo yum install python-kerberos
    Ubuntu/Debian
    $ sudo apt-get install python-kerberos
    Other
    $ sudo pip install kerberos
  3. Create a cqlshrc file in ~/.cassandra or client program ~/.cassandra directory.
  4. You must create the Kerberos user, such as user@REALM.