Enabling DSE Unified Authentication
DSE provides unified authentication from utilities such as dsetool and nodetool as well as external monitoring tools such as JConsole that interface with the database using Java Management Extensions (JMX) MBeans.
To authorize access, see Controlling access to JMX MBeans.
|
DSE also supports local JMX authentication, which stores credentials and provides access control using a local file. When authenticate and authorization are disabled on DSE, you can implement file based JMX remote authentication. |
Prerequisites
To use DSE Unified Authentication for JMX users, complete Enabling DSE Unified Authentication.
|
Only use Java JMX remote authentication with local files in environments where DSE Unified Authentication and RBAC are disabled. |
Procedure
-
On DSE nodes that you want to allow access, set the JMX remote authenticate to true for remote and/or local:
JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.authenticate=true"
Connections are tested to see if they are local, change the first instance to enable authentication on local connections and the second instance (in the else statement) to enable remote.
-
Disable local authentication by commenting out the following lines:
#JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.password.file=/etc/cassandra/jmxremote.password" #JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.access.file=/etc/cassandra/jmxremote.access" -
To enable external authentication using DSE Authenticator, uncomment the following lines:
JVM_OPTS="$JVM_OPTS -Dcassandra.jmx.remote.login.config=CassandraLogin"' JVM_OPTS="$JVM_OPTS -Djava.security.auth.login.config=$CASSANDRA_HOME/conf/cassandra-jaas.config" JVM_OPTS="$JVM_OPTS -Dcassandra.jmx.authorizer=org.apache.cassandra.auth.jmx.AuthorizationProxy" -
Restart DSE.
