Cassandra Authentication and authorization
By default, authentication is not enabled in Cassandra and anybody can access Cassandra.
Cassandra has a simple authentication & authorization
mechanism by extending the below java interfaces.
org.apache.cassandra.auth.IAuthenticator.java
org.apache.cassandra.auth.IAuthority.java
In the source distribution(not in binary distribution) IAuthenticator and IAuthority
interfaces are implemented in the SimpleAuthenticator project and it can be easily
configurable with Cassandra.
If you want
to have your own authentication and authorization implementation you’re freely
allowed to do it by extending the below interfaces.
org.apache.cassandra.auth.IAuthenticator.java
org.apache.cassandra.auth.IAuthority.java
The below steps are used to enable authentication in
Cassandra.
1) Configure
cassandra.yaml
2) Configure
access.properties
3) Configure
password.properties and
4) Cassandra.bat
file in bin directory.
Step 1: Configure Cassandra.yaml :
Authentication:
Find org.apache.cassandra.auth.AllowAllAuthenticator
and it should be replaced with
org.apache.cassandra.auth.SimpleAuthenticator
Authorization:
Find org.apache.cassandra.auth.AllowAllAuthorizer
and it should be replaced with org.apache.cassandra.auth.SimpleAuthorizer
Step 2: Configure access.properties
Configure
the required user names,keyspace names, column family names with their permission level.
You can
configure the authorization upto column family level in Cassandra.
Configure
keyspace permissions:
<keyspacename>.<permission>=<username>
murali.<rw>=admin,Cassandra
# <rw> means read and write.
Murali.<ro>=user1 #<ro> mean read only permission.
By default all the users will have read permission for all the keyspaces.
Configure
column family permissions:
<keyspacename>.<columnfamilyname>.<permission>=<username>
murali.users.<rw>=admin
Step 3: Configure password.properties
Add the
required user and password in this file.
<username>=<password>
cassandra = cassandra
Step 4: Modifying JAVA_OPTS in Cassandra.bat file.
Add the
below lines to the JAVA_OPTS.
-Dpasswd.properties=conf/passwd.properties
-Daccess.properties=conf/access.properties