|The Cassandra 1.2 documentation is transitioning to a new format! Please use the new Cassandra 1.2 documentation instead.||Back to Table of Contents All Documents List|
Like object permission management using internal authorization, internal authentication is based on Cassandra-controlled login accounts and passwords. Internal authentication works for the following clients when you provide a user name and password to start up the client:
Internal authentication stores usernames and bcrypt-hashed passwords in the system_auth.credentials column family.
PasswordAuthenticator is an IAuthorizer implementation, available in Cassandra 1.2.2 and later, that you can use to configure Cassandra for internal authentication out-of-the-box. You make a few changes to the cassandra.yaml as described in this procedure. Then, to use authentication, you start up the client using the default superuser name and password (cassandra/cassandra).
The syntax for starting up the client is:
<client startup string> -u cassandra -p cassandra
Change the superuser password:
To configure and use internal authentication
Change the cassandra.yaml authenticator setting to PasswordAuthenticator:
A default superuser name and password (cassandra) that you use to start the supported client is stored in Cassandra. For example, to start cqlsh:
./cqlsh -u cassandra -p cassandra
You can now set up user accounts and authorize users to access the database objects by using CQL to grant them permissions on those objects.
CQL 3 supports the following authentication statements: