DataStax Enterprise 3.1 Documentation

Configuring system_auth keyspace replication

This documentation corresponds to an earlier product version. Make sure this document corresponds to your version.

Latest DSE documentation | Earlier DSE documentation

Cassandra uses the system_auth keyspace for storing security authentication and authorization information. If you use the following authenticator/authorizer, you must set the replication factor with a keyspace command such as ALTER KEYSPACE to prevent a potential problem logging into a secure cluster:

  • authenticator: org.apache.cassandra.auth.PasswordAuthenticator: the users' hashed passwords in system_auth.credentials table
  • authorizer: org.apache.cassandra.auth.CassandraAuthorizer: the users' permissions in system_auth.permissions table

Setting the replication factor

Do not use the default replication factor of 1 for the system_auth keyspace. In a multi-node cluster, using the default of 1 precludes logging into any node when the node that stores the user data is down. For most system_auth queries, Cassandra uses a consistency level of ONE and uses QUORUM for the default cassandra superuser; see Configuring data consistency.

SimpleStrategy example:

ALTER KEYSPACE "system_auth"
   WITH REPLICATION ={ 'class' : 'SimpleStrategy', 'replication_factor' : 3 };

NetworkTopologyStrategy example:

ALTER KEYSPACE "system_auth"
   WITH REPLICATION = {'class' : 'NetworkTopologyStrategy', 'dc1' : 3, 'dc2' : 2};