Providing credentials for authentication
Methods to provide credentials for authenticating with DSE.
Authentication is supported for use with dse commands and the dsetool utility. To configure external client access to DataStax Enterprise commands, see RPCs over Cassandra native protocol.
Providing credentials
You can provide authentication credentials in several ways:
- Command line
- Provide login credentials on the command line:
  $ dse [connection_options] subcommand
  $ dse client-tool [connection_options] subcommand
  $ dsetool [connection_options] subcommand
  where the connection_options include:
  - -f config_file
  - is the path to a configuration file that stores credentials. If not specified, ~/.dserc is used if it exists. The configuration file can contain Cassandra and JMX login credentials. For example:
    username=cassandra
    password=cassandra
    jmx_username=cassandra
    jmx_password=jmx
    The credentials in the configuration file are stored in clear text. DataStax recommends restricting access to this file only to the specific user.
  - dse: -u username
  - is the user name to authenticate against the configured Cassandra user.
  - dsetool: -l username
  - is the user name to authenticate against the configured Cassandra role.
  - -p password
  - is the password to authenticate against the configured Cassandra role. If you do not provide a password on the command line, you are prompted to enter one.
  - -a jmx_username
  - is the user name for authenticating with secure JMX.
  - -b jmx_password
  - is the password for authenticating with secure JMX. If you do not provide a password on the command line, you are prompted to enter one.
  - subcommand
  - is any dse, dse client-tool, or dsetool subcommand.
- ~/.dserc file
- Create a file named .dserc in your home directory. The ~/.dserc file contains the Cassandra user name and password:
  username=username
  password=password
  When you launch a password-protected tool and authentication is not provided on the command line, the credentials in the ~/.dserc file are used. The ~/.dserc file is ignored when a configuration file is specified with -f.
- Environment variables for dse client-tool and Spark commands
- To increase security and prevent authentication credentials from appearing in log files, DataStax recommends using environment variables instead of passing credentials on the command line or in the .dserc file. Add the environment variables to your Bash .profile or .bash_profile files.
  Use environment variables DSE_USERNAME and DSE_PASSWORD to specify a user name and password:
  export DSE_USERNAME=username
  export DSE_PASSWORD=password
  Use environment variable DSE_TOKEN to specify a delegation token when Kerberos is used:
  export DSE_TOKEN=delegation_token
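The page notes that the configuration file and ~/.dserc hold credentials in clear text and should be accessible only to the specific user. The shell functions below are an added example, not part of the DataStax documentation or tooling; the function names (new_cred_file, check_cred_file, cred_keys) are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example, not DataStax code. Sample values are constructed.

# new_cred_file FILE: create (or truncate) FILE so that it is private from
# the moment it exists (umask in a subshell), tightening a pre-existing file.
new_cred_file() {
    ( umask 077 && : > "$1" ) && chmod 600 "$1"
}

# check_cred_file FILE: return 0 only when FILE is a regular file owned by
# the current user with no group/other permission bits set.
check_cred_file() {
    file=$1
    if [ ! -f "$file" ]; then
        echo "$file: missing or not a regular file" >&2
        return 1
    fi
    if [ ! -O "$file" ]; then
        echo "$file: not owned by the current user" >&2
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ldL -- "$file" | cut -c5-10)
    if [ "$bits" != "------" ]; then
        echo "$file: group/other access ($bits), fix with: chmod 600 $file" >&2
        return 1
    fi
    return 0
}

# cred_keys FILE: print the key names that have a value, never the values.
cred_keys() {
    sed -n 's/^[[:space:]]*\([A-Za-z_][A-Za-z_]*\)=..*$/\1/p' "$1"
}

# Demo on a throwaway file in a temporary directory.
demo_dir=$(mktemp -d)
new_cred_file "$demo_dir/dserc"
printf 'username=cassandra\npassword=cassandra\n' > "$demo_dir/dserc"
check_cred_file "$demo_dir/dserc" && echo "private, keys:" $(cred_keys "$demo_dir/dserc")
chmod 644 "$demo_dir/dserc"
check_cred_file "$demo_dir/dserc" || echo "flagged as expected"
rm -rf "$demo_dir"
```

Running check_cred_file against ~/.dserc or the file passed with -f before launching a tool catches a credentials file that other local users can read.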