To configure Cassandra to use internal authentication, first make a change to the cassandra.yaml file and increase the replication factor of the system_auth keyspace, as described in this procedure. Next, start up Cassandra using the default user name and password (cassandra/cassandra), and start cqlsh using the same credentials. Finally, use these CQL 3 statements to set up user accounts to authorize users to access the database objects:
- Change the authenticator option in the cassandra.yaml file to PasswordAuthenticator. By default, the authenticator option is set to AllowAllAuthenticator.
- Increase the replication factor for the system_auth keyspace.
- Restart the Cassandra client. The default superuser name and password that you use to start the client are stored in Cassandra.
    <client startup string> -u cassandra -p cassandra
- Start cqlsh using the superuser name and password.
    ./cqlsh -u cassandra -p cassandra
- Create another superuser, not named cassandra. This step is optional but highly recommended.
- Log in as that new superuser.
- Change the cassandra user password to something long and incomprehensible, and then forget about it. It won't be used again.
- Take away the cassandra user's superuser status.
- Use the CQL 3 statements listed previously to set up user accounts and then grant permissions to access the database objects.
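The account steps above, written out as a CQL 3 session. This is an added example, not part of the original procedure: the user names `dba_admin` and `app_reader`, the keyspace `sales`, the replication settings and every password placeholder are assumptions to be replaced with your own values.

```cql
-- Added example. All names, passwords and replication settings are
-- placeholders (assumptions), not values from the original procedure.

-- cassandra.yaml on every node must already contain:
--   authenticator: PasswordAuthenticator

-- Increase the replication factor of system_auth so that logins do not
-- depend on a single node. SimpleStrategy with a factor of 3 is an
-- assumption; use the strategy and factor that match your cluster.
-- After changing it, repair the system_auth keyspace on each node so the
-- new replicas actually receive the credential data.
ALTER KEYSPACE system_auth
  WITH REPLICATION = {'class': 'SimpleStrategy', 'replication_factor': 3};

-- Session 1: logged in with ./cqlsh -u cassandra -p cassandra
-- Create a second superuser that is not named cassandra.
CREATE USER dba_admin WITH PASSWORD '<long-random-password-1>' SUPERUSER;

-- Session 2: log out, then log in again as the new superuser:
--   ./cqlsh -u dba_admin -p '<long-random-password-1>'
-- A superuser cannot change its own superuser status, which is why the
-- next statement has to run as dba_admin rather than as cassandra.
-- It replaces the well-known default password and removes superuser
-- status from the cassandra account in one step.
ALTER USER cassandra WITH PASSWORD '<long-random-password-2>' NOSUPERUSER;

-- Create an ordinary account and grant it only what it needs.
-- Permissions take effect only if an authorizer other than the default
-- AllowAllAuthorizer is configured in cassandra.yaml.
CREATE USER app_reader WITH PASSWORD '<long-random-password-3>' NOSUPERUSER;
GRANT SELECT ON KEYSPACE sales TO app_reader;

-- Verify the result: cassandra should be listed with super = False, and
-- app_reader should hold only SELECT on the sales keyspace.
LIST USERS;
LIST ALL PERMISSIONS OF app_reader;
```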