dse client-tool connection options

The dse client-tool commands use DSE Unified Authentication, which is also used by DataStax-compatible drivers for Apache Cassandra®.

The authentication configuration in dse.yaml and cassandra.yaml determines the enabled authentication mechanisms and the credentials that are required to connect external clients to a DSE node. You can provide authentication credentials in several ways, see Provide credentials from DSE tools.

RPC permissions over the native protocol leverage DSE authentication and role-based access abilities. To configure external client access to DSE commands, see Authorizing Remote Procedure Calls (RPC).

DSE proxy authentication can be used with dse client-tool, and delegation tokens can be generated for the proxy authenticated role. For example, if the role alice is authenticated, and alice uses proxy authorization to the role bob, the delegation token for alice can be used authenticate as alice and authorize as bob. If bob loses login permissions, the token can still be used to login as alice, because the token reflects authentication for alice. If alice loses authorization permissions for bob, then the token cannot be used to login.

Synopsis

Provide the connection options before the command, subcommand, and options:

dse client-tool
[-a <proxy_auth_username>] [-u <username>] [-p <password>]
[--port <port>] [--host <hostname>]
[--sasl-protocol-name <dse_service_principal>]
[--keystore-path <ssl_keystore_path>]
[--keystore-password <keystore_password>]
[--keystore-type <ssl_keystore_type>]
[--truststore-path <ssl_truststore_path>]
[--truststore-password <ssl_truststore_password>]
[--truststore-type <ssl_truststore_type>]
[--cipher-suites <<ssl_cipher_suites>>]
[--kerberos-enabled (true | false)]
[--ssl-enabled (true | false)]
[--use-server-config]
[-t <delegation_token>]
[--ssl-protocol <ssl_protocol>]
command options

Syntax legend

Syntax conventions Description

Syntax conventions	Description
Italic, bold, or `< >`	Syntax diagrams and code samples use one or more of these styles to mark placeholders for variable values. Replace placeholders with a valid option or your own user-defined value. In CQL statements, angle brackets are required to enclose data types in a set, list, map, or tuple. Separate the data types with a comma. For example: `<datatype2` In Search CQL statements, angle brackets are used to identify the entity and literal value to overwrite the XML element in the schema and `solrconfig` files, such as `@<xml_entity>='<xml_entity_type>'`.
`[ ]`	Square brackets surround optional command arguments. Do not type the square brackets.
`( )`	Parentheses identify a group to choose from. Do not type the parentheses.
`\|`	A pipe separates alternative elements. Type any one of the elements. Do not type the pipe.
`...`	Indicates that you can repeat the syntax element as often as required.
`'`	Single quotation marks must surround literal strings in CQL statements. Use single quotation marks to preserve upper case. + For Search CQL only: Single quotation marks surround an entire XML schema declaration, such as `'<<schema> ... </schema>>'`
`{ }`	Map collection. Curly braces enclose maps (`{ <key_datatype>:<value_datatype> }`) or key value pairs (`{ <key>:<value> }`). A colon separates the key and the value.
`;`	Ends a CQL statement.
`--`	Separate command line options from command arguments with two hyphens. This syntax is useful when arguments might be mistaken for command line options.

Italic, bold, or < >

Syntax diagrams and code samples use one or more of these styles to mark placeholders for variable values. Replace placeholders with a valid option or your own user-defined value.

In CQL statements, angle brackets are required to enclose data types in a set, list, map, or tuple. Separate the data types with a comma. For example: <datatype2

In Search CQL statements, angle brackets are used to identify the entity and literal value to overwrite the XML element in the schema and solrconfig files, such as @<xml_entity>='<xml_entity_type>'.

[ ]

Square brackets surround optional command arguments. Do not type the square brackets.

( )

Parentheses identify a group to choose from. Do not type the parentheses.

|

A pipe separates alternative elements. Type any one of the elements. Do not type the pipe.

...

Indicates that you can repeat the syntax element as often as required.

'

Single quotation marks must surround literal strings in CQL statements. Use single quotation marks to preserve upper case. + For Search CQL only: Single quotation marks surround an entire XML schema declaration, such as '<<schema> ... </schema>>'

{ }

Map collection. Curly braces enclose maps ({ <key_datatype>:<value_datatype> }) or key value pairs ({ <key>:<value> }). A colon separates the key and the value.

;

Ends a CQL statement.

--

Separate command line options from command arguments with two hyphens. This syntax is useful when arguments might be mistaken for command line options.

Options

Use the following options to connect and authenticate dse client-tool commands. If an option has a short and long form, both forms are provided for reference; only use one form in your commands.

--cipher-suites: Provide a comma-separated list of SSL cipher suites for connection to DSE when SSL is enabled. For example, --cipher-suites c1,c2,c3.
--host: Provide the DSE node hostname or IP address. Omit if connecting to the local node.
--kerberos-enabled: Boolean indicating whether Kerberos authentication is enabled for connections to DSE. For example: --kerberos-enabled true
--keystore-password: Provide the keystore password for connection to DSE when SSL client authentication is enabled.
--keystore-path: Provide the path to the keystore for connection to DSE when SSL client authentication is enabled.
--keystore-type: Specify the keystore type for connection to DSE when SSL client authentication is enabled. JKS is the type for keys generated by the Java keytool binary, but other types are possible depending on user environment.
-p, --password: Provide the password to authenticate for database access.

Can use the DSE_PASSWORD environment variable.
--port port: The native protocol RPC connection port (Thrift).
--sasl-protocol-name dse_service_principal: SASL protocol name, that is, the DSE service principal name.
--ssl: Whether SSL is enabled for connection to DSE. --ssl-enabled true is the same as --ssl.
--ssl-protocol: SSL protocol for connection to DSE when SSL is enabled. For example: --ssl-protocol ssl4
-t: Specify the delegation token that can be used to login. Alternatively, the DSE_TOKEN environment variable can be used.
--truststore_password: Truststore password to use for connection to DSE when SSL is enabled.
--truststore_path: Path to the truststore to use for connection to DSE when SSL is enabled. For example, --truststore-path /path/to/ts.
--truststore-type: Truststore type for connection to DSE when SSL is enabled. JKS is the type for keys generated by the Java keytool binary, but other types are possible, depending on user environment. For example, --truststore-type jks2.
-u: User name of a DSE authentication account. Can use the DSE_USERNAME environment variable.

-a: Provide a DSE authorization username if proxy authentication is used.
--use-server-config: Read parameters from server yaml configuration files. It assumes this node is properly configured.

dse client-tool connection options

Synopsis

Options

Was this helpful?

Give Feedback