Steps for enabling security without downtime when using DSE Unified Authentication
using transitional mode.
How to enable security when using DSE Unified Authentication without downtime using
transitional mode. Transitional mode is a temporary mode that supports
authentication and authorization to be enabled without downtime or modification
to client code or configuration.
Procedure
-
On each node, configure authentication in transitional mode as described in
Configuring authentication.
-
On each node, configure authorization in transitional mode as described in
Configuring authorization.
The
location of the
cassandra.yaml file
depends on the type of installation:
| Installer-Services |
/etc/dse/cassandra/cassandra.yaml |
| Package installations |
/etc/dse/cassandra/cassandra.yaml |
| Installer-No Services |
install_location/resources/cassandra/conf/cassandra.yaml |
| Tarball installations |
install_location/resources/cassandra/conf/cassandra.yaml |
The location of
the
dse.yaml file depends
on the type of installation:
| Installer-Services |
/etc/dse/dse.yaml |
| Package installations |
/etc/dse/dse.yaml |
| Installer-No Services |
install_location/resources/dse/conf/dse.yaml |
| Tarball installations |
install_location/resources/dse/conf/dse.yaml |
-
Perform a rolling restart.
-
Run a full repair of the system_auth and
dse_auth keyspace.
-
After the restarts are complete, use cqlsh with the default superuser login to
setup the users, credentials, and permissions.
-
Configure all client applications to send login credentials.
-
To enable full authentication and authorization, turn off transitional mode.
See Configuring authentication and
Configuring authorization.
-
After the setup is complete, perform another rolling restart.
-
After the restarts have completed, remove the default superuser and create at least one new
superuser.
