Apache Cassandra 1.2 Documentation

Configuring system_auth keyspace replication

If you use a non-default authenticator and/or authorizer, such as PasswordAuthenticator, alter the replication factor for the system_auth keyspace. In a multi-node cluster, using the default replication factor of 1 for the system_auth keyspace precludes logging into any node when the node that stores the user data is down. For all system_auth-related queries, Cassandra uses the QUORUM consistency level.

Setting the system_auth keyspace replication factor

To change the replication factor of the system_auth keyspace:

  1. Change the replication factor using CQL:

    Example for SimpleStrategy

    ALTER KEYSPACE system_auth WITH REPLICATION =
  {'class' : 'SimpleStrategy',  'replication_factor' : 3 };

    Example for NetworkTopologyStrategy

    ALTER KEYSPACE system_auth WITH REPLICATION =
  {'class' : 'NetworkTopologyStrategy',
  'dc1' : 3, 'dc2' : 3};

  2. If you change the system_auth keyspace on an existing cluster:

    1. Make sure every node uses the same settings.
    2. On each affected node, run nodetool repair to repair only the system_auth keyspace. Wait until repair completes on a node before moving to the next node.

About the system_auth keyspace

Cassandra uses the system_auth keyspace for storing security authentication and authorization information:

  • Cassandra: the internal user list (in system_auth.users column family).
  • PasswordAuthenticator: the users' hashed passwords (in system_auth.credentials column family)
  • CassandraAuthorizer: the users' permissions (in system_auth.permissions column family)