Configuration exceptions

When authentication and authorization classes conflict or the resource is unreachable, the database cannot start.

Incompatible authentication and authorization settings 

Problem description

When settings do not match DataStax Enterprise fails to start. For example, dse.yaml with authentication_options.enabled: false and authorization_options.enabled: true, prevents DSE from starting and has the following errors in cassandra/system.log:

Caused by: org.apache.cassandra.exceptions.ConfigurationException: com.datastax.bdp.cassandra.auth.DseAuthenticator does not currently require authentication, so it can't be used with com.datastax.bdp.cassandra.auth.DseAuthorizer which does currently require authorization. You need to either choose new classes or update their configurations so they are compatible.


Set both authentication_options and authorization_options enabled to the same setting in the dse.yaml file.

External authentication services unreachable 

Problem description

DataStax Enterprise start up fails when authentication_options.enabled: true and a scheme is not configured or the corresponding service is unavailable that is configured in the dse.yaml:
  • role_manager.mode
  • authentication_options.default_scheme
  • authentication_options.other_scheme

For example, when the default_schema is set to kerberos and the KDS server defined in the kerberos_options is unavailable, the cassandra/system.log shows the following start up error:

1) An exception was caught and reported. Message: The dse service keytab at this location resources/dse/conf/dse.keytab either doesn't exist or cannot be read by the dse service at com.datastax.bdp.DseModule.configure(Unknown Source)


Ensure that the configured KDC or LDAP host is available or remove the scheme setting from the DSE Authenticator or Role Manager options.