Enabling internal security without downtime 

Steps for enabling security without downtime when using DSE Unified Authentication using transitional mode.

How to enable security when using DSE Unified Authentication without downtime using transitional mode. Transitional mode is a temporary mode that supports authentication and authorization to be enabled without downtime or modification to client code or configuration.

Procedure

  1. On each node, configure authentication in transitional mode as described in Configuring authentication.
  2. On each node, configure authorization in transitional mode as described in Configuring authorization.
    The location of the cassandra.yaml file depends on the type of installation:
    Installer-Services /etc/dse/cassandra/cassandra.yaml
    Package installations /etc/dse/cassandra/cassandra.yaml
    Installer-No Services install_location/resources/cassandra/conf/cassandra.yaml
    Tarball installations install_location/resources/cassandra/conf/cassandra.yaml
    The location of the dse.yaml file depends on the type of installation:
    Installer-Services /etc/dse/dse.yaml
    Package installations /etc/dse/dse.yaml
    Installer-No Services install_location/resources/dse/conf/dse.yaml
    Tarball installations install_location/resources/dse/conf/dse.yaml
  3. Perform a rolling restart.
  4. Run a full repair of the system_auth and dse_auth keyspace.
  5. After the restarts are complete, use cqlsh with the default superuser login to setup the users, credentials, and permissions.
  6. Configure all client applications to send login credentials.
  7. To enable full authentication and authorization, turn off transitional mode. See Configuring authentication and Configuring authorization.
  8. After the setup is complete, perform another rolling restart.
  9. After the restarts have completed, remove the default superuser and create at least one new superuser.