Internal authentication only is the default authentication scheme for LCM. This scheme uses the cassandra username with a default password of cassandra. LCM requires that you change this password in the Edit Cluster dialog.

The Edit Cluster dialog prompts for the information necessary to change the default password of the cassandra username that is built into the internal authentication scheme. LCM sets the password for this user as specified, and configures OpsCenter to use the password when accessing the cluster.

Internal authentication in LCM can be configured as the primary scheme (default_scheme), with LDAP or Kerberos (or both) as optional schemes (other_schemes).

Adding LDAP or Kerberos as other_schemes in dse.yaml is allowed, but LCM and OpsCenter ignore the additional schemes and use the internal cassandra username, as described in the Internal authentication only scheme.

This scenario is useful when client applications using DSE for data storage must have accounts managed through a centralized Kerberos or LDAP service. OpsCenter will use the internal cassandra username to ensure that DSE management operations can be completed, even if access to the Kerberos or LDAP service is disrupted or unavailable.

When authentication is enabled in a configuration profile, LCM prompts for credentials after the profile is selected in the Edit Cluster dialog. See Editing a Cluster for more information.

Running DSE with authentication disabled is not recommended without appropriate network access controls in place. However, LCM supports configuring OpsCenter to access a DSE cluster that has authentication disabled.

To disable authentication, uncheck the enabled checkbox under authentication_options in dse.yaml. In cassandra.yaml, select DseAuthenticator as the authenticator, which is a flexible option that is recommended in all use cases.

You can also disable authentication by selecting the AllowAllAuthenticator authenticator option in cassandra.yaml, but the DseAuthenticator option is preferred.