[
https://issues.apache.org/jira/browse/CASSANDRA-10209?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14733554#comment-14733554
]
Sam Tunnicliffe commented on CASSANDRA-10209:
---------------------------------------------
bq. I'm not sure what other resources should be excluded from client mode, and
I'd rather not do it halfway.
Not sure I completely follow; it isn't that those resources are excluded from
client mode, rather that when *not* in client mode (and so cassandra.yaml isn't
read), don't attempt to figure out which of the {{system_auth}} tables are not
modifiable. Which seems reasonable, as if an
IAuthenticator/IAuthorizer/IRoleManager is set in the yaml, those won't be
correct anyway.
> Missing role manager in cassandra.yaml causes unexpected behaviour
> ------------------------------------------------------------------
>
> Key: CASSANDRA-10209
> URL: https://issues.apache.org/jira/browse/CASSANDRA-10209
> Project: Cassandra
> Issue Type: Bug
> Reporter: Sam Tunnicliffe
> Assignee: Sam Tunnicliffe
> Priority: Minor
> Fix For: 2.2.x, 3.0.0 rc1
>
>
> On upgrading to 2.2+, if the new {{role_manager}} option is not added to
> {{cassandra.yaml}}, an instance of the default {{CassandraRoleManager}} is
> created during initialization of {{DatabaseDescriptor}}. This is a problem as
> the set of role options supported by {{CRM}} depends on the configured
> {{IAuthenticator}}, which at that point in time is always
> {{AllowAllAuthenticator}}.
> This StackOverflow post describes the problem; the configured authenticator
> is {{PasswordAuthenticator}}, the role manager should allow roles to be
> created using the {{PASSWORD}} option, but it does not.
> http://stackoverflow.com/questions/31820914/in-cassandra-2-2-unable-to-create-role-containing-password
> The simple workaround is to ensure that yaml contains the role manager option
> {code}
> role_manager: CassandraRoleManager
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
