Re: Cassandra Authentication

2017-01-18 Thread Jai Bheemsen Rao Dhanwada 
Thank you

On Wed, Jan 18, 2017 at 10:10 PM, Ben Bromhead  wrote:

> the volume of data is pretty low + you still want to be able to
> authenticate even if you have more nodes down than the RF for other
> keyspaces. Essentially you don't want auth to be the thing that stops you
> serving requests.
>
> On Wed, 18 Jan 2017 at 14:57 Jai Bheemsen Rao Dhanwada <
> jaibheem...@gmail.com> wrote:
>
>> Thanks Ben,
>>
>> RF 3 isn't sufficient for system_auth? as we are using 3 RF for other
>> production KS, do you see any challenges?
>>
>> On Wed, Jan 18, 2017 at 2:39 PM, Ben Bromhead 
>> wrote:
>>
>> We have a process that syncs and manages RF==N and we also control and
>> manage users, however that entails it's own set of challenges and
>> maintenance.
>>
>> For most users I would suggest 3 < RF <=5 is sufficient. Also make sure
>> you don't use the user "Cassandra" in production as authentication queries
>> are done at QUORUM.
>>
>> On Wed, 18 Jan 2017 at 13:41 Jai Bheemsen Rao Dhanwada <
>> jaibheem...@gmail.com> wrote:
>>
>> Hello,
>>
>> When enabling Authentication on cassandra, is it required to set the RF
>> same as the no.of nodes(https://docs.datastax.
>> com/en/cql/3.1/cql/cql_using/update_ks_rf_t.html)? or can I live with RF
>> of 3 in each DC (other KS are using 3)
>>
>> If it has to be equal to the number of nodes then, every time adding or
>> removing a node requires update of RF.
>>
>> Thanks in advance.
>>
>> --
>> Ben Bromhead
>> CTO | Instaclustr 
>> +1 650 284 9692 <+1%20650-284-9692>
>> Managed Cassandra / Spark on AWS, Azure and Softlayer
>>
>>
>> --
> Ben Bromhead
> CTO | Instaclustr 
> +1 650 284 9692 <+1%20650-284-9692>
> Managed Cassandra / Spark on AWS, Azure and Softlayer
>

Re: Cassandra Authentication

2017-01-18 Thread Ben Bromhead 
the volume of data is pretty low + you still want to be able to
authenticate even if you have more nodes down than the RF for other
keyspaces. Essentially you don't want auth to be the thing that stops you
serving requests.

On Wed, 18 Jan 2017 at 14:57 Jai Bheemsen Rao Dhanwada <
jaibheem...@gmail.com> wrote:

> Thanks Ben,
>
> RF 3 isn't sufficient for system_auth? as we are using 3 RF for other
> production KS, do you see any challenges?
>
> On Wed, Jan 18, 2017 at 2:39 PM, Ben Bromhead  wrote:
>
> We have a process that syncs and manages RF==N and we also control and
> manage users, however that entails it's own set of challenges and
> maintenance.
>
> For most users I would suggest 3 < RF <=5 is sufficient. Also make sure
> you don't use the user "Cassandra" in production as authentication queries
> are done at QUORUM.
>
> On Wed, 18 Jan 2017 at 13:41 Jai Bheemsen Rao Dhanwada <
> jaibheem...@gmail.com> wrote:
>
> Hello,
>
> When enabling Authentication on cassandra, is it required to set the RF
> same as the no.of nodes(
> https://docs.datastax.com/en/cql/3.1/cql/cql_using/update_ks_rf_t.html)?
> or can I live with RF of 3 in each DC (other KS are using 3)
>
> If it has to be equal to the number of nodes then, every time adding or
> removing a node requires update of RF.
>
> Thanks in advance.
>
> --
> Ben Bromhead
> CTO | Instaclustr 
> +1 650 284 9692 <+1%20650-284-9692>
> Managed Cassandra / Spark on AWS, Azure and Softlayer
>
>
> --
Ben Bromhead
CTO | Instaclustr 
+1 650 284 9692
Managed Cassandra / Spark on AWS, Azure and Softlayer

Re: Cassandra Authentication

2017-01-18 Thread Jai Bheemsen Rao Dhanwada 
Thanks Ben,

RF 3 isn't sufficient for system_auth? as we are using 3 RF for other
production KS, do you see any challenges?

On Wed, Jan 18, 2017 at 2:39 PM, Ben Bromhead  wrote:

> We have a process that syncs and manages RF==N and we also control and
> manage users, however that entails it's own set of challenges and
> maintenance.
>
> For most users I would suggest 3 < RF <=5 is sufficient. Also make sure
> you don't use the user "Cassandra" in production as authentication queries
> are done at QUORUM.
>
> On Wed, 18 Jan 2017 at 13:41 Jai Bheemsen Rao Dhanwada <
> jaibheem...@gmail.com> wrote:
>
>> Hello,
>>
>> When enabling Authentication on cassandra, is it required to set the RF
>> same as the no.of nodes(https://docs.datastax.
>> com/en/cql/3.1/cql/cql_using/update_ks_rf_t.html)? or can I live with RF
>> of 3 in each DC (other KS are using 3)
>>
>> If it has to be equal to the number of nodes then, every time adding or
>> removing a node requires update of RF.
>>
>> Thanks in advance.
>>
> --
> Ben Bromhead
> CTO | Instaclustr 
> +1 650 284 9692 <+1%20650-284-9692>
> Managed Cassandra / Spark on AWS, Azure and Softlayer
>

Re: Cassandra Authentication

2017-01-18 Thread Ben Bromhead 
We have a process that syncs and manages RF==N and we also control and
manage users, however that entails it's own set of challenges and
maintenance.

For most users I would suggest 3 < RF <=5 is sufficient. Also make sure you
don't use the user "Cassandra" in production as authentication queries are
done at QUORUM.

On Wed, 18 Jan 2017 at 13:41 Jai Bheemsen Rao Dhanwada <
jaibheem...@gmail.com> wrote:

> Hello,
>
> When enabling Authentication on cassandra, is it required to set the RF
> same as the no.of nodes(
> https://docs.datastax.com/en/cql/3.1/cql/cql_using/update_ks_rf_t.html)?
> or can I live with RF of 3 in each DC (other KS are using 3)
>
> If it has to be equal to the number of nodes then, every time adding or
> removing a node requires update of RF.
>
> Thanks in advance.
>
-- 
Ben Bromhead
CTO | Instaclustr 
+1 650 284 9692
Managed Cassandra / Spark on AWS, Azure and Softlayer

Re: Cassandra Authentication

2012-06-29 Thread Peter Dijkshoorn 
You can build a jar from the SimpleAuthenticator and SimpleAuthority
classes found in the examples.
Then put the jar on the classpath of the cassandra, nicest way is to
modify the startup script:
put an s with options on line 148 in bin/cassandra:

args=`getopt vfhp:bD: $@`

becomes (note the added s)

args=`getopt vfhsp:bD: $@`

and add the -s case in the switch statement (line 173 for example) below
with these lines (do enter the right location to the jar, possibly put
it in the cassandra lib and find out the proper var):

-s)
   
CLASSPATH=$CLASSPATH:/home/peterd/workspaces/uno/CassandraAuthenticator/CassandraSecure.jar
properties=$properties
-Dpasswd.properties=$CASSANDRA_CONF/passwd.properties
-Daccess.properties=$CASSANDRA_CONF/access.properties
shift
;;


Then create the access.properties file and passwd.properties file in
your cassandra config directory
passwd.properties ahs the format
jsmith=pass

and access.properties has format:
modify-keyspaces=jsmith
Keyspace1.ro=jsmith,Elvis Presley
Keyspace1.Standard1.rw=jsmith,Elvis Presley,dilbert

which are all self-explanatory I guess.



Good luck!

Peter Dijkshoorn
Adyen - Payments Made Easy
www.adyen.com

Visiting address:   Mail Address: 
Simon Carmiggeltstraat 6-50 P.O. Box 10095
1011 DJ Amsterdam   1001 EB Amsterdam
The Netherlands The Netherlands

Office +31.20.240.1240
Email peter.dijksho...@adyen.com


On 06/29/2012 06:58 AM, Mohit Anchlia wrote:

 Sent from my iPad

 On Jun 28, 2012, at 8:45 AM, Christof Bornhoevd cbornho...@gmail.com wrote:

 Hi,
  
 we are using Cassandra v1.0.8 with Hector v1.0-5 and would like to move our 
 current system to an operational setting based on Amazon AWS. What are best 
 practices for addessing security for Cassandra on AWS. Besides Security 
 Groups in AWS how is Cassandra Client to Cluster authentication handled 
 best? There used to be a SimpleAuthenticator that has been moved to Examples.
  
 Any recommendations/experiences that you could share? Any hints and guidance 
 is higly appreciated.
  
 Cassandra doesn't provide any security features so far. We wrote our own 
 pluggable authoz and authn that plugs into ldap. You might want to right 
 something of your own that plugs in was auto
 Cheers and thanks a lot for any kind help!
 Christof

Re: Cassandra Authentication

2012-06-28 Thread Mohit Anchlia 


Sent from my iPad

On Jun 28, 2012, at 8:45 AM, Christof Bornhoevd cbornho...@gmail.com wrote:

 Hi,
  
 we are using Cassandra v1.0.8 with Hector v1.0-5 and would like to move our 
 current system to an operational setting based on Amazon AWS. What are best 
 practices for addessing security for Cassandra on AWS. Besides Security 
 Groups in AWS how is Cassandra Client to Cluster authentication handled best? 
 There used to be a SimpleAuthenticator that has been moved to Examples.
  
 Any recommendations/experiences that you could share? Any hints and guidance 
 is higly appreciated.
  
Cassandra doesn't provide any security features so far. We wrote our own 
pluggable authoz and authn that plugs into ldap. You might want to right 
something of your own that plugs in was auto
 Cheers and thanks a lot for any kind help!
 Christof