DataStax Enterprise fails to start after configuring authentication 

DataStax Enterprise fails when authorization and authentications settings do not match or when external authentication services are unreachable.

The DataStax Enterprise Help Center also provides troubleshooting information.

Authorizer requires Authenticator 

Problem description

When settings do not match DataStax Enterprise fails to start. For example, dse.yaml with authentication_options.enabled: false and authorization_options.enabled: true, prevents DSE from starting and has the following errors in cassandra/system.log:

Caused by: org.apache.cassandra.exceptions.ConfigurationException: com.datastax.bdp.cassandra.auth.DseAuthenticator does not currently require authentication, so it can't be used with com.datastax.bdp.cassandra.auth.DseAuthorizer which does currently require authorization. You need to either choose new classes or update their configurations so they are compatible.

Solution

Set both authentication_options and authorization_options enabled to the same setting in the dse.yaml file.

External authentication services unreachable 

Problem description

DataStax Enterprise start up fails when authentication_options.enabled: true and a scheme is not configured or the corresponding service is unavailable that is configured in the dse.yaml:
  • role_manager.mode
  • authentication_options.default_scheme
  • authentication_options.other_scheme

For example, when the default_schema is set to kerberos and the KDS server defined in the kerberos_options is unavailable, the cassandra/system.log shows the following start up error:

1) An exception was caught and reported. Message: The dse service keytab at this location resources/dse/conf/dse.keytab either doesn't exist or cannot be read by the dse service at com.datastax.bdp.DseModule.configure(Unknown Source)

Solution

Ensure that the configured KDC or LDAP host is available or remove the scheme setting from the DSE Authenticator or Role Manager options.

The location of the dse.yaml file depends on the type of installation:

Package installations
Installer-Services installations

/etc/dse/dse.yaml

Tarball installations
Installer-No Services installations

install_location/resources/dse/conf/dse.yaml