SimpleAuthenticator missing in Cassandra 1.0
It seems that org.apache.cassandra.auth.SimpleAuthenticator is missing in the cassandra 1.0 binaries. Is this on purpose or did I found a bug? -- View this message in context: http://cassandra-user-incubator-apache-org.3065146.n2.nabble.com/SimpleAuthenticator-missing-in-Cassandra-1-0-tp6937930p6937930.html Sent from the cassandra-u...@incubator.apache.org mailing list archive at Nabble.com.
Re: SimpleAuthenticator missing in Cassandra 1.0
On Thu, Oct 27, 2011 at 3:25 PM, RobinUs2 ro...@us2.nl wrote: It seems that org.apache.cassandra.auth.SimpleAuthenticator is missing in the cassandra 1.0 binaries. Is this on purpose or did I found a bug? From NEWS.txt: - The SimpleAuthenticator and SimpleAuthority classes have been moved to the example directory (and are thus not available from the binary distribution). They never provided actual security and in their current state are only meant as examples. -Brandon
Re: SimpleAuthenticator missing in Cassandra 1.0
https://issues.apache.org/jira/browse/CASSANDRA-2922 On Thu, Oct 27, 2011 at 3:25 PM, RobinUs2 ro...@us2.nl wrote: It seems that org.apache.cassandra.auth.SimpleAuthenticator is missing in the cassandra 1.0 binaries. Is this on purpose or did I found a bug? -- View this message in context: http://cassandra-user-incubator-apache-org.3065146.n2.nabble.com/SimpleAuthenticator-missing-in-Cassandra-1-0-tp6937930p6937930.html Sent from the cassandra-u...@incubator.apache.org mailing list archive at Nabble.com. -- Jonathan Ellis Project Chair, Apache Cassandra co-founder of DataStax, the source for professional Cassandra support http://www.datastax.com
Re: SimpleAuthenticator missing in Cassandra 1.0
Oke, that makes sense, even though I couldn't find it in the first place. What would you suggest for authentication? Firewall rules that only allow from whitelist hosts? Writing a custom Authenticator? -- View this message in context: http://cassandra-user-incubator-apache-org.3065146.n2.nabble.com/SimpleAuthenticator-missing-in-Cassandra-1-0-tp6937930p6937981.html Sent from the cassandra-u...@incubator.apache.org mailing list archive at Nabble.com.
Re: SimpleAuthenticator missing in Cassandra 1.0
For what it's worth, here's where I ended up after digging into Cassandra security as a new user: http://petewarden.typepad.com/searchbrowser/2011/08/securing-cassandra-on-ec2.html On Thu, Oct 27, 2011 at 1:39 PM, RobinUs2 ro...@us2.nl wrote: Oke, that makes sense, even though I couldn't find it in the first place. What would you suggest for authentication? Firewall rules that only allow from whitelist hosts? Writing a custom Authenticator? -- View this message in context: http://cassandra-user-incubator-apache-org.3065146.n2.nabble.com/SimpleAuthenticator-missing-in-Cassandra-1-0-tp6937930p6937981.html Sent from the cassandra-u...@incubator.apache.org mailing list archive at Nabble.com.
Re: SimpleAuthenticator missing in Cassandra 1.0
Had found the same thing, and updated: http://wiki.apache.org/cassandra/SimpleAuthenticator On 10/27/2011 04:25 PM, RobinUs2 wrote: It seems that org.apache.cassandra.auth.SimpleAuthenticator is missing in the cassandra 1.0 binaries. Is this on purpose or did I found a bug? -- View this message in context: http://cassandra-user-incubator-apache-org.3065146.n2.nabble.com/SimpleAuthenticator-missing-in-Cassandra-1-0-tp6937930p6937930.html Sent from the cassandra-u...@incubator.apache.org mailing list archive at Nabble.com.
SimpleAuthenticator / SimpleAuthorization missing
Hello, SimpleAuthenticator SimpleAuthorization just disappear in release 1.0.0... Will this stay like this or is it a release bug ? Thanks, - Pierre
Re: SimpleAuthenticator / SimpleAuthorization missing
See: https://issues.apache.org/jira/browse/CASSANDRA-2922 On Thu, Oct 20, 2011 at 4:08 AM, Pierre Chalamet pie...@chalamet.netwrote: Hello, SimpleAuthenticator SimpleAuthorization just disappear in release 1.0.0... Will this stay like this or is it a release bug ? Thanks, - Pierre
Re: SimpleAuthenticator / SimpleAuthorization missing
Thanks for the answer. - Pierre -Original Message- From: Yi Yang i...@iyyang.com Date: Thu, 20 Oct 2011 04:20:25 To: user@cassandra.apache.org; pie...@chalamet.net Subject: Re: SimpleAuthenticator / SimpleAuthorization missing See: https://issues.apache.org/jira/browse/CASSANDRA-2922 On Thu, Oct 20, 2011 at 4:08 AM, Pierre Chalamet pie...@chalamet.netwrote: Hello, SimpleAuthenticator SimpleAuthorization just disappear in release 1.0.0... Will this stay like this or is it a release bug ? Thanks, - Pierre
Is anyone actually seriously using SimpleAuthenticator and SimpleAuthority?
See: https://issues.apache.org/jira/browse/CASSANDRA-2922 -- Jonathan Ellis Project Chair, Apache Cassandra co-founder of DataStax, the source for professional Cassandra support http://www.datastax.com
Re: Is anyone actually seriously using SimpleAuthenticator and SimpleAuthority?
We studied SimpleAuthority a few months back out of curiosity and took some notes on it to eventually use it in the future. Somebody getting started with this might find the following helpful... - - - - - - The following discusses ways to configure security best practices for a Cassandra cluster running on Amazon EC2. It explores different security components which should all be used together to ensure a safe environment. We tested some of these features using a small Cassandra 0.8.0beta1 cluster, since they were not available in 0.7.4. If the read or write client exists outside of the cluster, as it did in our case on Elastic Beanstalk, then the read/write client needs a safe way to authenticate to the cluster. Without authentication, anyone with the IP address of the cluster could potentially read or write to it. *+++ AllowAllAuthority +++* By default, Cassandra allows any client on the network to connect to the cluster and read/write data, which is a security risk. The security mechanism is pluggable, so the default authentication method ( org.apache.cassandra.auth.AllowAllAuthority) can be swapped out for another, or a custom one can be written. During our prototype phase, we replacedthis default setting with the (slightly) more secure SimpleAuthority mechanism described in the next section. *+++ SimpleAuthority +++* In order to force clients, like the Elastic Beanstalk Hector read client, to provide credentials, SimpleAuthority should be used. In the Cassandra config directory, two files must be edited to use SimpleAuthority: 1)Access.properties: uses a key/value pair to specify which users are allowed access to which keyspaces, specified in a comma separated list, for example: Keyspace1=jdoe,John Smith, user5 2)Passwd.properties: contains a list of the users above and specifies the password for them, for example: jdoe=lookatmypass John\ Smith=b3tterp@ass user5=password After the two above files have been edited, we told Cassandra the location of the access and password files using the bin/cassandra.in.sh script. The file locations can be passed to the JVM by pasting code like the following at the bottom of the script file: JVM_OPTS= -Dpasswd.properties=/home/ubuntu/apache-cassandra-0.8.0-beta1/conf/passwd.properties \ -Daccess.properties=/home/ubuntu/apache-cassandra-0.8.0-beta1/conf/access.properties Next, the value for the authenticator element in cassandra.yaml must be replaced from org.apache.cassandra.auth.AllowAllAuthority to org.apache.cassandra.auth.SimpleAuthority. Now, when the client code in Hector connects to the cluster it can authenticate using a map with the username and password: Map AccessMap = new HashMap(); AccessMap.put(username, jdoe); AccessMap.put(password, nosql); Keyspace keyspace = HFactory.createKeyspace(MDR, cluster, new AllOneConsistencyLevelPolicy(), FailoverPolicy.ON_FAIL_TRY_ALL_AVAILABLE, AccessMap); One of the problems we noticed with this method is that Hector sends the password as plaintext to the cluster. We would need to think of a more secure way to sending the password when deployed in production. *MD5 Encryption with SimpleAuthority* SimpleAuthority has two modes for specifying the password: plain text and MD5 encrypted. The above examples use plain text passwords. To improve security, MD5 is highly encouraged. Message-Digest algorithm is a one-way hash function that generates a 128-bit hash value from an input. We enabled MD5 in the cassandra.in.sh file by passing the passwd.mode switch to the JVM: JVM_OPTS= \ -da \ //other stuff... -Dpasswd.mode=MD5 A variety of tools and libraries can be used to generate an MD5-encrypted version of the plain-text username and password as a one-way hash. Here’s a short Python program: $ python Python 2.6.5 ... from hashlib import md5 p = havebadpass h = md5(p).hexdigest() print h e1a31eee2136eb73e8e47f9e9d13ab0d The encrypted output from the program for the username should be updated in the passwd.properties file with the encrypted value on all nodes. *More Secure Alternatives to MD5 Encryption* Note that US-CERT of the U. S. Department of Homeland Security said MD5 should be considered cryptographically broken and unsuitable for further use”, and SHA-2 family of hash functions is recommended. So, MD5 should not be considered absolutely secure, but it does add a layer of security. Cassandra 0.7.4 does not have support for other encryption hashes out of the box, but by implementing the iAuthenticator interface, a custom one can be written. Jonathan Ellis, the apache Cassandra chair, recommends bcrypt over MD5 for a secure has function: http://codahale.com/how-to-safely-store-a-password/ Ted Zlatanov, the Cassandra developer who implemented the MD5 SimpleAuthenticator encryption said on the user-mailing list: “I used MD5 when I proposed SimpleAuthenticator for two reasons: 1
Re: SimpleAuthenticator
Thanks On Thu, Jun 30, 2011 at 10:09 PM, aaron morton aa...@thelastpickle.comwrote: cassandra.in.sh is old skool 0.6 series, 0.7 series uses cassandra-env.sh. The packages put it in /etc/cassandra. This works for me at the end of cassandra-env.sh JVM_OPTS=$JVM_OPTS -Dpasswd.properties=/etc/cassandra/passwd.properties JVM_OPTS=$JVM_OPTS -Daccess.properties=/etc/cassandra/access.properties btw at a minimum you should upgrade from 0.7.2 to 0.7.6-2 see https://github.com/apache/cassandra/blob/cassandra-0.7.6-2/NEWS.txt#L61 https://github.com/apache/cassandra/blob/cassandra-0.7.6-2/NEWS.txt#L61Hope that helps. - Aaron Morton Freelance Cassandra Developer @aaronmorton http://www.thelastpickle.com On 1 Jul 2011, at 02:20, Earl Barnes wrote: Hi, I am encountering an error while trying to set up simple authentication in a test environment. *BACKGROUND* *Cassandra Version: ReleaseVersion: 0.7.2-0ubuntu4~lucid1* *OS Level: Linux cassandra1 2.6.32-32-server #62-Ubuntu SMP Wed Apr 20 22:07:43 UTC 2011 x86_64 GNU/Linux* *2 node cluster* Properties file exist in the following directory: * /etc/cassandra/access.properties* * /etc/cassandra/passwd.properties* The *authenticator element* in the */etc/cassandra/cassandra.yaml* file is set to: *authenticator: org.apache.cassandra.auth.SimpleAuthenticator* The *authority element* in the */etc/cassandra/cassandra.yaml *file is set to: *authority: org.apache.cassandra.auth.SimpleAuthority* The *cassandra.in.sh* file located in */usr/share/cassandra* has been updated to show the location of the properties files in the following manner: # Location of access.properties and passwd.properties JVM_OPTS= -Dpasswd.properties=/etc/cassandra/passwd.properties -Daccess.properties=/etc/cassandra/access.properties Also, the destination of the configuration directory: CASSANDRA_CONF=/etc/cassandra *ERROR* After setting DEBUG mode, I get the following error message in the * system.log*: INFO [main] 2011-06-30 10:12:01,365 AbstractCassandraDaemon.java (line 249) Cassandra shutting down... INFO [main] 2011-06-30 10:12:01,366 CassandraDaemon.java (line 159) Stop listening to thrift clients INFO [main] 2011-06-30 10:13:14,186 AbstractCassandraDaemon.java (line 77) Logging initialized INFO [main] 2011-06-30 10:13:14,196 AbstractCassandraDaemon.java (line 97) Heap size: 510263296/511311872 WARN [main] 2011-06-30 10:13:14,227 CLibrary.java (line 93) Obsolete version of JNA present; unable to read errno. Upgrade to JNA 3.2.7 or later WARN [main] 2011-06-30 10:13:14,227 CLibrary.java (line 93) Obsolete version of JNA present; unable to read errno. Upgrade to JNA 3.2.7 or later WARN [main] 2011-06-30 10:13:14,228 CLibrary.java (line 125) Unknown mlockall error 0 INFO [main] 2011-06-30 10:13:14,234 DatabaseDescriptor.java (line 121) Loading settings from file:/etc/cassandra/cassandra.yaml INFO [main] 2011-06-30 10:13:14,337 DatabaseDescriptor.java (line 181) DiskAccessMode 'auto' determined to be mmap, indexAccessMode is mmap ERROR [main] 2011-06-30 10:13:14,342 DatabaseDescriptor.java (line 405) Fatal configuration error org.apache.cassandra.config.ConfigurationException: When using org.apache.cassandra.auth.SimpleAuthenticator passwd.properties properties must be defined. at org.apache.cassandra.auth.SimpleAuthenticator.validateConfiguration(SimpleAuthenticator.java:148) at org.apache.cassandra.config.DatabaseDescriptor.clinit(DatabaseDescriptor.java:200) at org.apache.cassandra.service.AbstractCassandraDaemon.setup(AbstractCassandraDaemon.java:100) at org.apache.cassandra.service.AbstractCassandraDaemon.init(AbstractCassandraDaemon.java:217) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:616) at org.apache.commons.daemon.support.DaemonLoader.load(DaemonLoader.java:160) Data from the *output.log*: INFO 10:12:01,365 Cassandra shutting down... INFO 10:12:01,366 Stop listening to thrift clients INFO 10:13:14,186 Logging initialized INFO 10:13:14,196 Heap size: 510263296/511311872 WARN 10:13:14,227 Obsolete version of JNA present; unable to read errno. Upgrade to JNA 3.2.7 or later WARN 10:13:14,227 Obsolete version of JNA present; unable to read errno. Upgrade to JNA 3.2.7 or later WARN 10:13:14,228 Unknown mlockall error 0 INFO 10:13:14,234 Loading settings from file:/etc/cassandra/cassandra.yaml INFO 10:13:14,337 DiskAccessMode 'auto' determined to be mmap, indexAccessMode is mmap ERROR 10:13:14,342 Fatal configuration error org.apache.cassandra.config.ConfigurationException: When using org.apache.cassandra.auth.SimpleAuthenticator passwd.properties
Re: SimpleAuthenticator
cassandra.in.sh is old skool 0.6 series, 0.7 series uses cassandra-env.sh. The packages put it in /etc/cassandra. This works for me at the end of cassandra-env.sh JVM_OPTS=$JVM_OPTS -Dpasswd.properties=/etc/cassandra/passwd.properties JVM_OPTS=$JVM_OPTS -Daccess.properties=/etc/cassandra/access.properties btw at a minimum you should upgrade from 0.7.2 to 0.7.6-2 see https://github.com/apache/cassandra/blob/cassandra-0.7.6-2/NEWS.txt#L61 Hope that helps. - Aaron Morton Freelance Cassandra Developer @aaronmorton http://www.thelastpickle.com On 1 Jul 2011, at 02:20, Earl Barnes wrote: Hi, I am encountering an error while trying to set up simple authentication in a test environment. BACKGROUND Cassandra Version: ReleaseVersion: 0.7.2-0ubuntu4~lucid1 OS Level: Linux cassandra1 2.6.32-32-server #62-Ubuntu SMP Wed Apr 20 22:07:43 UTC 2011 x86_64 GNU/Linux 2 node cluster Properties file exist in the following directory: /etc/cassandra/access.properties /etc/cassandra/passwd.properties The authenticator element in the /etc/cassandra/cassandra.yaml file is set to: authenticator: org.apache.cassandra.auth.SimpleAuthenticator The authority element in the /etc/cassandra/cassandra.yaml file is set to: authority: org.apache.cassandra.auth.SimpleAuthority The cassandra.in.sh file located in /usr/share/cassandra has been updated to show the location of the properties files in the following manner: # Location of access.properties and passwd.properties JVM_OPTS= -Dpasswd.properties=/etc/cassandra/passwd.properties -Daccess.properties=/etc/cassandra/access.properties Also, the destination of the configuration directory: CASSANDRA_CONF=/etc/cassandra ERROR After setting DEBUG mode, I get the following error message in the system.log: INFO [main] 2011-06-30 10:12:01,365 AbstractCassandraDaemon.java (line 249) Cassandra shutting down... INFO [main] 2011-06-30 10:12:01,366 CassandraDaemon.java (line 159) Stop listening to thrift clients INFO [main] 2011-06-30 10:13:14,186 AbstractCassandraDaemon.java (line 77) Logging initialized INFO [main] 2011-06-30 10:13:14,196 AbstractCassandraDaemon.java (line 97) Heap size: 510263296/511311872 WARN [main] 2011-06-30 10:13:14,227 CLibrary.java (line 93) Obsolete version of JNA present; unable to read errno. Upgrade to JNA 3.2.7 or later WARN [main] 2011-06-30 10:13:14,227 CLibrary.java (line 93) Obsolete version of JNA present; unable to read errno. Upgrade to JNA 3.2.7 or later WARN [main] 2011-06-30 10:13:14,228 CLibrary.java (line 125) Unknown mlockall error 0 INFO [main] 2011-06-30 10:13:14,234 DatabaseDescriptor.java (line 121) Loading settings from file:/etc/cassandra/cassandra.yaml INFO [main] 2011-06-30 10:13:14,337 DatabaseDescriptor.java (line 181) DiskAccessMode 'auto' determined to be mmap, indexAccessMode is mmap ERROR [main] 2011-06-30 10:13:14,342 DatabaseDescriptor.java (line 405) Fatal configuration error org.apache.cassandra.config.ConfigurationException: When using org.apache.cassandra.auth.SimpleAuthenticator passwd.properties properties must be defined. at org.apache.cassandra.auth.SimpleAuthenticator.validateConfiguration(SimpleAuthenticator.java:148) at org.apache.cassandra.config.DatabaseDescriptor.clinit(DatabaseDescriptor.java:200) at org.apache.cassandra.service.AbstractCassandraDaemon.setup(AbstractCassandraDaemon.java:100) at org.apache.cassandra.service.AbstractCassandraDaemon.init(AbstractCassandraDaemon.java:217) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:616) at org.apache.commons.daemon.support.DaemonLoader.load(DaemonLoader.java:160) Data from the output.log: INFO 10:12:01,365 Cassandra shutting down... INFO 10:12:01,366 Stop listening to thrift clients INFO 10:13:14,186 Logging initialized INFO 10:13:14,196 Heap size: 510263296/511311872 WARN 10:13:14,227 Obsolete version of JNA present; unable to read errno. Upgrade to JNA 3.2.7 or later WARN 10:13:14,227 Obsolete version of JNA present; unable to read errno. Upgrade to JNA 3.2.7 or later WARN 10:13:14,228 Unknown mlockall error 0 INFO 10:13:14,234 Loading settings from file:/etc/cassandra/cassandra.yaml INFO 10:13:14,337 DiskAccessMode 'auto' determined to be mmap, indexAccessMode is mmap ERROR 10:13:14,342 Fatal configuration error org.apache.cassandra.config.ConfigurationException: When using org.apache.cassandra.auth.SimpleAuthenticator passwd.properties properties must be defined. at org.apache.cassandra.auth.SimpleAuthenticator.validateConfiguration(SimpleAuthenticator.java:148) at
Re: Questions about using MD5 encryption with SimpleAuthenticator
On Wed, 18 May 2011 17:16:28 -0700 Sameer Farooqui cassandral...@gmail.com wrote: SF But even SSL/TLS is subject to attacks from tools like SSLSNIFF: SF http://www.thoughtcrime.org/software/sslsniff For perfect security, unplug the server and remove the hard drive. Ted
Re: Questions about using MD5 encryption with SimpleAuthenticator
On Tue, 17 May 2011 15:52:22 -0700 Sameer Farooqui cassandral...@gmail.com wrote: SF Would still be nice though to use the bcrypt hash over MD5 for stronger SF security. I used MD5 when I proposed SimpleAuthenticator for two reasons: 1) SimpleAuthenticator is supposed to be a demo of the authentication interface. It can be used for testing and trivial setups, but I wouldn't use it in production. So it's meant to get you going easily, not to serve you long-term. 2) MD5 is built into Java. At the time, bcrypt and SHA-* were not. I used MD5 only so the passwords are not stored in the clear, not to provide production-level security. You should consider carefully the implications of storing passwords in a file on a database server, no matter how they are encrypted. It would be better to write a trivial AD/LDAP/etc. authenticator that fits your specific needs and doesn't rely on a local file. Ted
Re: Questions about using MD5 encryption with SimpleAuthenticator
Also if you were wearing an aluminium foil hat you may also be concerned about how the password is sent to the server. Again though, see previous I am not a security guy comment and helpful link from Jonathan confirming that statement :) Cheers - Aaron Morton Freelance Cassandra Developer @aaronmorton http://www.thelastpickle.com On 19/05/2011, at 1:19 AM, Ted Zlatanov t...@lifelogs.com wrote: On Tue, 17 May 2011 15:52:22 -0700 Sameer Farooqui cassandral...@gmail.com wrote: SF Would still be nice though to use the bcrypt hash over MD5 for stronger SF security. I used MD5 when I proposed SimpleAuthenticator for two reasons: 1) SimpleAuthenticator is supposed to be a demo of the authentication interface. It can be used for testing and trivial setups, but I wouldn't use it in production. So it's meant to get you going easily, not to serve you long-term. 2) MD5 is built into Java. At the time, bcrypt and SHA-* were not. I used MD5 only so the passwords are not stored in the clear, not to provide production-level security. You should consider carefully the implications of storing passwords in a file on a database server, no matter how they are encrypted. It would be better to write a trivial AD/LDAP/etc. authenticator that fits your specific needs and doesn't rely on a local file. Ted
Re: Questions about using MD5 encryption with SimpleAuthenticator
I am wearing said hat and am freaking out right now :-) Just kidding and good point. I guess it would be nice if clients like Hector had an option to use TLS/SSL to encapsulate the application protocol. But even SSL/TLS is subject to attacks from tools like SSLSNIFF: http://www.thoughtcrime.org/software/sslsniff On Wed, May 18, 2011 at 2:33 PM, Aaron Morton aa...@thelastpickle.comwrote: Also if you were wearing an aluminium foil hat you may also be concerned about how the password is sent to the server. Again though, see previous I am not a security guy comment and helpful link from Jonathan confirming that statement :) Cheers - Aaron Morton Freelance Cassandra Developer @aaronmorton http://www.thelastpickle.com On 19/05/2011, at 1:19 AM, Ted Zlatanov t...@lifelogs.com wrote: On Tue, 17 May 2011 15:52:22 -0700 Sameer Farooqui cassandral...@gmail.com wrote: SF Would still be nice though to use the bcrypt hash over MD5 for stronger SF security. I used MD5 when I proposed SimpleAuthenticator for two reasons: 1) SimpleAuthenticator is supposed to be a demo of the authentication interface. It can be used for testing and trivial setups, but I wouldn't use it in production. So it's meant to get you going easily, not to serve you long-term. 2) MD5 is built into Java. At the time, bcrypt and SHA-* were not. I used MD5 only so the passwords are not stored in the clear, not to provide production-level security. You should consider carefully the implications of storing passwords in a file on a database server, no matter how they are encrypted. It would be better to write a trivial AD/LDAP/etc. authenticator that fits your specific needs and doesn't rely on a local file. Ted
Re: Questions about using MD5 encryption with SimpleAuthenticator
Use the plain text password via the cli, the server will make a hash and compare it to the one in the file. wrt SHA-2 I'm not a security guy but MD5 is probably good enough for the problem of storing passwords in plain text in a file. Hope that helps. - Aaron Morton Freelance Cassandra Developer @aaronmorton http://www.thelastpickle.com On 17 May 2011, at 10:59, Sameer Farooqui wrote: By the way, just noticed a typo in my email below. I'm using the correct keyspace name in all locations on the cluster... however in my examples below, I used MyKeyspace in some spots and MDR in other spots, but in the cluster I'm specifying the same keyspace name everywhere, so that's not the issue. - Sameer On Mon, May 16, 2011 at 3:55 PM, Sameer Farooqui cassandral...@gmail.com wrote: Hi all, We are trying to use MD5 encrypted passwords. Quick question first - Is SHA-2 supported yet? US-CERT of the U. S. Department of Homeland Security has said that MD5 should be considered cryptographically broken and unsuitable for further use”, and SHA-2 family of hash functions is recommended. The issue I'm seeing is that when I turn on MD5 encryption, I can't log into the cluster from Cassandra-CLI (I get a login failure). The cassandra.in.sh file has been changed as so: JVM_OPTS= -Dpasswd.properties=/home/ubuntu/apache-cassandra-0.8.0-beta1/conf/passwd.properties \ -Daccess.properties=/home/ubuntu/apache-cassandra-0.8.0-beta1/conf/access.properties \ -Dpasswd.mode=MD5 And I ran this python script to generate a MD5 hash: ubuntu@darknet:~$ python Python 2.6.6 (r266:84292, Sep 15 2010, 15:52:39) [GCC 4.4.5] on linux2 Type help, copyright, credits or license for more information. from hashlib import md5 p = nosql h = md5(p).hexdigest() print h 9fa1b39e7eb877367213e6f7e37d0b01 Then I updated the passwd.properties file with the new hashed password: jdoe=9fa1b39e7eb877367213e6f7e37d0b01 Also, the access.properties file is properly set so that jdoe has rw access to the keyspace and CF: MyKeyspace.rw=jdoe,jsmith MyKeyspace.MyCF.rw=jsmith,jdoe But when I try to connect to the cluster now, I'm getting a login failure. I have tried a few different ways of connecting: Ran this from the Cassandra CLI: [default@unknown] connect ec2-50-19-26-189.compute-1.amazonaws.com/9160 jdoe '9fa1b39e7eb877367213e6f7e37d0b01'; Login failure. Did you specify 'keyspace', 'username' and 'password'? Ran these from the Ubuntu CLI: ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u jdoe -pw 9fa1b39e7eb877367213e6f7e37d0b01 -k MDR Login failure. Did you specify 'keyspace', 'username' and 'password'? ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u jdoe -pw '9fa1b39e7eb877367213e6f7e37d0b01' -k MDR Login failure. Did you specify 'keyspace', 'username' and 'password'? Hmm, what am I doing wrong? - Sameer
Re: Questions about using MD5 encryption with SimpleAuthenticator
http://codahale.com/how-to-safely-store-a-password/ On Tue, May 17, 2011 at 3:03 PM, aaron morton aa...@thelastpickle.com wrote: Use the plain text password via the cli, the server will make a hash and compare it to the one in the file. wrt SHA-2 I'm not a security guy but MD5 is probably good enough for the problem of storing passwords in plain text in a file. Hope that helps. - Aaron Morton Freelance Cassandra Developer @aaronmorton http://www.thelastpickle.com On 17 May 2011, at 10:59, Sameer Farooqui wrote: By the way, just noticed a typo in my email below. I'm using the correct keyspace name in all locations on the cluster... however in my examples below, I used MyKeyspace in some spots and MDR in other spots, but in the cluster I'm specifying the same keyspace name everywhere, so that's not the issue. - Sameer On Mon, May 16, 2011 at 3:55 PM, Sameer Farooqui cassandral...@gmail.com wrote: Hi all, We are trying to use MD5 encrypted passwords. Quick question first - Is SHA-2 supported yet? US-CERT of the U. S. Department of Homeland Security has said that MD5 should be considered cryptographically broken and unsuitable for further use”, and SHA-2 family of hash functions is recommended. The issue I'm seeing is that when I turn on MD5 encryption, I can't log into the cluster from Cassandra-CLI (I get a login failure). The cassandra.in.sh file has been changed as so: JVM_OPTS= -Dpasswd.properties=/home/ubuntu/apache-cassandra-0.8.0-beta1/conf/passwd.properties \ -Daccess.properties=/home/ubuntu/apache-cassandra-0.8.0-beta1/conf/access.properties \ -Dpasswd.mode=MD5 And I ran this python script to generate a MD5 hash: ubuntu@darknet:~$ python Python 2.6.6 (r266:84292, Sep 15 2010, 15:52:39) [GCC 4.4.5] on linux2 Type help, copyright, credits or license for more information. from hashlib import md5 p = nosql h = md5(p).hexdigest() print h 9fa1b39e7eb877367213e6f7e37d0b01 Then I updated the passwd.properties file with the new hashed password: jdoe=9fa1b39e7eb877367213e6f7e37d0b01 Also, the access.properties file is properly set so that jdoe has rw access to the keyspace and CF: MyKeyspace.rw=jdoe,jsmith MyKeyspace.MyCF.rw=jsmith,jdoe But when I try to connect to the cluster now, I'm getting a login failure. I have tried a few different ways of connecting: Ran this from the Cassandra CLI: [default@unknown] connect ec2-50-19-26-189.compute-1.amazonaws.com/9160 jdoe '9fa1b39e7eb877367213e6f7e37d0b01'; Login failure. Did you specify 'keyspace', 'username' and 'password'? Ran these from the Ubuntu CLI: ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u jdoe -pw 9fa1b39e7eb877367213e6f7e37d0b01 -k MDR Login failure. Did you specify 'keyspace', 'username' and 'password'? ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u jdoe -pw '9fa1b39e7eb877367213e6f7e37d0b01' -k MDR Login failure. Did you specify 'keyspace', 'username' and 'password'? Hmm, what am I doing wrong? - Sameer -- Jonathan Ellis Project Chair, Apache Cassandra co-founder of DataStax, the source for professional Cassandra support http://www.datastax.com
Re: Questions about using MD5 encryption with SimpleAuthenticator
Hey Aaron, Unfortunately it fails with plaintext password also: ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u jdoe -pw 'nosql' -k MDR Login failure. Did you specify 'keyspace', 'username' and 'password'? Welcome to the Cassandra CLI. quit CLI manually ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u jdoe -pw nosql -k MDR Login failure. Did you specify 'keyspace', 'username' and 'password'? Welcome to the Cassandra CLI. quit CLI manually Regarding the security of MD5, I'm not a security guy either, but it seems quiet easy to crack, especially for short passwords. This website was quickly able to decrypt my MD5 digest (which is honestly not very complex) and give me the original plaintext: http://md5.noisette.ch/index.php Longer list of MD5 rainbow table sites: http://www.stottmeister.com/blog/2009/04/14/how-to-crack-md5-passwords/ Anyway, any help with the original question of how to input the password the the Cassandra-CLI would be much appreciated! - Sameer On Tue, May 17, 2011 at 1:03 PM, aaron morton aa...@thelastpickle.comwrote: Use the plain text password via the cli, the server will make a hash and compare it to the one in the file. wrt SHA-2 I'm not a security guy but MD5 is probably good enough for the problem of storing passwords in plain text in a file. Hope that helps. - Aaron Morton Freelance Cassandra Developer @aaronmorton http://www.thelastpickle.com On 17 May 2011, at 10:59, Sameer Farooqui wrote: By the way, just noticed a typo in my email below. I'm using the correct keyspace name in all locations on the cluster... however in my examples below, I used MyKeyspace in some spots and MDR in other spots, but in the cluster I'm specifying the same keyspace name everywhere, so that's not the issue. - Sameer On Mon, May 16, 2011 at 3:55 PM, Sameer Farooqui cassandral...@gmail.comwrote: Hi all, We are trying to use MD5 encrypted passwords. Quick question first - Is SHA-2 supported yet? US-CERT of the U. S. Department of Homeland Security has said that MD5 should be considered cryptographically broken and unsuitable for further use”, and SHA-2 family of hash functions is recommended. The issue I'm seeing is that when I turn on MD5 encryption, I can't log into the cluster from Cassandra-CLI (I get a login failure). The cassandra.in.sh file has been changed as so: JVM_OPTS= -Dpasswd.properties=/home/ubuntu/apache-cassandra-0.8.0-beta1/conf/passwd.properties \ -Daccess.properties=/home/ubuntu/apache-cassandra-0.8.0-beta1/conf/access.properties \ -Dpasswd.mode=MD5 And I ran this python script to generate a MD5 hash: ubuntu@darknet:~$ python Python 2.6.6 (r266:84292, Sep 15 2010, 15:52:39) [GCC 4.4.5] on linux2 Type help, copyright, credits or license for more information. from hashlib import md5 p = nosql h = md5(p).hexdigest() print h 9fa1b39e7eb877367213e6f7e37d0b01 Then I updated the passwd.properties file with the new hashed password: jdoe=9fa1b39e7eb877367213e6f7e37d0b01 Also, the access.properties file is properly set so that jdoe has rw access to the keyspace and CF: MyKeyspace.rw=jdoe,jsmith MyKeyspace.MyCF.rw=jsmith,jdoe But when I try to connect to the cluster now, I'm getting a login failure. I have tried a few different ways of connecting: Ran this from the Cassandra CLI: [default@unknown] connect ec2-50-19-26-189.compute-1.amazonaws.com/9160jdoe '9fa1b39e7eb877367213e6f7e37d0b01'; Login failure. Did you specify 'keyspace', 'username' and 'password'? Ran these from the Ubuntu CLI: ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u jdoe -pw 9fa1b39e7eb877367213e6f7e37d0b01 -k MDR Login failure. Did you specify 'keyspace', 'username' and 'password'? ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u jdoe -pw '9fa1b39e7eb877367213e6f7e37d0b01' -k MDR Login failure. Did you specify 'keyspace', 'username' and 'password'? Hmm, what am I doing wrong? - Sameer
Re: Questions about using MD5 encryption with SimpleAuthenticator
Opps, my bad... please ignore the email below. It actually works with the plain text password (I had forgotten to update the passwd.properties file on one node which was causing the login to fail). Example of successful login: ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u jdoe -pw 'nosql' -k MDR Connected to: Demo_Cluster_beta1 on ec2-50-19-26-189.compute-1.amazonaws.com/9160 Welcome to the Cassandra CLI. Would still be nice though to use the bcrypt hash over MD5 for stronger security. - Sameer On Tue, May 17, 2011 at 3:05 PM, Sameer Farooqui cassandral...@gmail.comwrote: Hey Aaron, Unfortunately it fails with plaintext password also: ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u jdoe -pw 'nosql' -k MDR Login failure. Did you specify 'keyspace', 'username' and 'password'? Welcome to the Cassandra CLI. quit CLI manually ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u jdoe -pw nosql -k MDR Login failure. Did you specify 'keyspace', 'username' and 'password'? Welcome to the Cassandra CLI. quit CLI manually Regarding the security of MD5, I'm not a security guy either, but it seems quiet easy to crack, especially for short passwords. This website was quickly able to decrypt my MD5 digest (which is honestly not very complex) and give me the original plaintext: http://md5.noisette.ch/index.php Longer list of MD5 rainbow table sites: http://www.stottmeister.com/blog/2009/04/14/how-to-crack-md5-passwords/ Anyway, any help with the original question of how to input the password the the Cassandra-CLI would be much appreciated! - Sameer On Tue, May 17, 2011 at 1:03 PM, aaron morton aa...@thelastpickle.comwrote: Use the plain text password via the cli, the server will make a hash and compare it to the one in the file. wrt SHA-2 I'm not a security guy but MD5 is probably good enough for the problem of storing passwords in plain text in a file. Hope that helps. - Aaron Morton Freelance Cassandra Developer @aaronmorton http://www.thelastpickle.com On 17 May 2011, at 10:59, Sameer Farooqui wrote: By the way, just noticed a typo in my email below. I'm using the correct keyspace name in all locations on the cluster... however in my examples below, I used MyKeyspace in some spots and MDR in other spots, but in the cluster I'm specifying the same keyspace name everywhere, so that's not the issue. - Sameer On Mon, May 16, 2011 at 3:55 PM, Sameer Farooqui cassandral...@gmail.com wrote: Hi all, We are trying to use MD5 encrypted passwords. Quick question first - Is SHA-2 supported yet? US-CERT of the U. S. Department of Homeland Security has said that MD5 should be considered cryptographically broken and unsuitable for further use”, and SHA-2 family of hash functions is recommended. The issue I'm seeing is that when I turn on MD5 encryption, I can't log into the cluster from Cassandra-CLI (I get a login failure). The cassandra.in.sh file has been changed as so: JVM_OPTS= -Dpasswd.properties=/home/ubuntu/apache-cassandra-0.8.0-beta1/conf/passwd.properties \ -Daccess.properties=/home/ubuntu/apache-cassandra-0.8.0-beta1/conf/access.properties \ -Dpasswd.mode=MD5 And I ran this python script to generate a MD5 hash: ubuntu@darknet:~$ python Python 2.6.6 (r266:84292, Sep 15 2010, 15:52:39) [GCC 4.4.5] on linux2 Type help, copyright, credits or license for more information. from hashlib import md5 p = nosql h = md5(p).hexdigest() print h 9fa1b39e7eb877367213e6f7e37d0b01 Then I updated the passwd.properties file with the new hashed password: jdoe=9fa1b39e7eb877367213e6f7e37d0b01 Also, the access.properties file is properly set so that jdoe has rw access to the keyspace and CF: MyKeyspace.rw=jdoe,jsmith MyKeyspace.MyCF.rw=jsmith,jdoe But when I try to connect to the cluster now, I'm getting a login failure. I have tried a few different ways of connecting: Ran this from the Cassandra CLI: [default@unknown] connect ec2-50-19-26-189.compute-1.amazonaws.com/9160jdoe '9fa1b39e7eb877367213e6f7e37d0b01'; Login failure. Did you specify 'keyspace', 'username' and 'password'? Ran these from the Ubuntu CLI: ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u jdoe -pw 9fa1b39e7eb877367213e6f7e37d0b01 -k MDR Login failure. Did you specify 'keyspace', 'username' and 'password'? ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u jdoe -pw '9fa1b39e7eb877367213e6f7e37d0b01' -k MDR Login failure. Did you specify 'keyspace', 'username' and 'password'? Hmm, what
Re: Questions about using MD5 encryption with SimpleAuthenticator
If you need it create a ticket on https://issues.apache.org/jira/browse/CASSANDRA Aaron - Aaron Morton Freelance Cassandra Developer @aaronmorton http://www.thelastpickle.com On 18 May 2011, at 10:52, Sameer Farooqui wrote: Opps, my bad... please ignore the email below. It actually works with the plain text password (I had forgotten to update the passwd.properties file on one node which was causing the login to fail). Example of successful login: ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u jdoe -pw 'nosql' -k MDR Connected to: Demo_Cluster_beta1 on ec2-50-19-26-189.compute-1.amazonaws.com/9160 Welcome to the Cassandra CLI. Would still be nice though to use the bcrypt hash over MD5 for stronger security. - Sameer On Tue, May 17, 2011 at 3:05 PM, Sameer Farooqui cassandral...@gmail.com wrote: Hey Aaron, Unfortunately it fails with plaintext password also: ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u jdoe -pw 'nosql' -k MDR Login failure. Did you specify 'keyspace', 'username' and 'password'? Welcome to the Cassandra CLI. quit CLI manually ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u jdoe -pw nosql -k MDR Login failure. Did you specify 'keyspace', 'username' and 'password'? Welcome to the Cassandra CLI. quit CLI manually Regarding the security of MD5, I'm not a security guy either, but it seems quiet easy to crack, especially for short passwords. This website was quickly able to decrypt my MD5 digest (which is honestly not very complex) and give me the original plaintext: http://md5.noisette.ch/index.php Longer list of MD5 rainbow table sites: http://www.stottmeister.com/blog/2009/04/14/how-to-crack-md5-passwords/ Anyway, any help with the original question of how to input the password the the Cassandra-CLI would be much appreciated! - Sameer On Tue, May 17, 2011 at 1:03 PM, aaron morton aa...@thelastpickle.com wrote: Use the plain text password via the cli, the server will make a hash and compare it to the one in the file. wrt SHA-2 I'm not a security guy but MD5 is probably good enough for the problem of storing passwords in plain text in a file. Hope that helps. - Aaron Morton Freelance Cassandra Developer @aaronmorton http://www.thelastpickle.com On 17 May 2011, at 10:59, Sameer Farooqui wrote: By the way, just noticed a typo in my email below. I'm using the correct keyspace name in all locations on the cluster... however in my examples below, I used MyKeyspace in some spots and MDR in other spots, but in the cluster I'm specifying the same keyspace name everywhere, so that's not the issue. - Sameer On Mon, May 16, 2011 at 3:55 PM, Sameer Farooqui cassandral...@gmail.com wrote: Hi all, We are trying to use MD5 encrypted passwords. Quick question first - Is SHA-2 supported yet? US-CERT of the U. S. Department of Homeland Security has said that MD5 should be considered cryptographically broken and unsuitable for further use”, and SHA-2 family of hash functions is recommended. The issue I'm seeing is that when I turn on MD5 encryption, I can't log into the cluster from Cassandra-CLI (I get a login failure). The cassandra.in.sh file has been changed as so: JVM_OPTS= -Dpasswd.properties=/home/ubuntu/apache-cassandra-0.8.0-beta1/conf/passwd.properties \ -Daccess.properties=/home/ubuntu/apache-cassandra-0.8.0-beta1/conf/access.properties \ -Dpasswd.mode=MD5 And I ran this python script to generate a MD5 hash: ubuntu@darknet:~$ python Python 2.6.6 (r266:84292, Sep 15 2010, 15:52:39) [GCC 4.4.5] on linux2 Type help, copyright, credits or license for more information. from hashlib import md5 p = nosql h = md5(p).hexdigest() print h 9fa1b39e7eb877367213e6f7e37d0b01 Then I updated the passwd.properties file with the new hashed password: jdoe=9fa1b39e7eb877367213e6f7e37d0b01 Also, the access.properties file is properly set so that jdoe has rw access to the keyspace and CF: MyKeyspace.rw=jdoe,jsmith MyKeyspace.MyCF.rw=jsmith,jdoe But when I try to connect to the cluster now, I'm getting a login failure. I have tried a few different ways of connecting: Ran this from the Cassandra CLI: [default@unknown] connect ec2-50-19-26-189.compute-1.amazonaws.com/9160 jdoe '9fa1b39e7eb877367213e6f7e37d0b01'; Login failure. Did you specify 'keyspace', 'username' and 'password'? Ran these from the Ubuntu CLI: ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u jdoe -pw
Questions about using MD5 encryption with SimpleAuthenticator
Hi all, We are trying to use MD5 encrypted passwords. Quick question first - Is SHA-2 supported yet? US-CERT of the U. S. Department of Homeland Security has said that MD5 should be considered cryptographically broken and unsuitable for further use”, and SHA-2 family of hash functions is recommended. The issue I'm seeing is that when I turn on MD5 encryption, I can't log into the cluster from Cassandra-CLI (I get a login failure). The cassandra.in.sh file has been changed as so: JVM_OPTS= -Dpasswd.properties=/home/ubuntu/apache-cassandra-0.8.0-beta1/conf/passwd.properties \ -Daccess.properties=/home/ubuntu/apache-cassandra-0.8.0-beta1/conf/access.properties \ -Dpasswd.mode=MD5 And I ran this python script to generate a MD5 hash: ubuntu@darknet:~$ python Python 2.6.6 (r266:84292, Sep 15 2010, 15:52:39) [GCC 4.4.5] on linux2 Type help, copyright, credits or license for more information. from hashlib import md5 p = nosql h = md5(p).hexdigest() print h 9fa1b39e7eb877367213e6f7e37d0b01 Then I updated the passwd.properties file with the new hashed password: jdoe=9fa1b39e7eb877367213e6f7e37d0b01 Also, the access.properties file is properly set so that jdoe has rw access to the keyspace and CF: MyKeyspace.rw=jdoe,jsmith MyKeyspace.MyCF.rw=jsmith,jdoe But when I try to connect to the cluster now, I'm getting a login failure. I have tried a few different ways of connecting: Ran this from the Cassandra CLI: [default@unknown] connect ec2-50-19-26-189.compute-1.amazonaws.com/9160 jdoe '9fa1b39e7eb877367213e6f7e37d0b01'; Login failure. Did you specify 'keyspace', 'username' and 'password'? Ran these from the Ubuntu CLI: ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u jdoe -pw 9fa1b39e7eb877367213e6f7e37d0b01 -k MDR Login failure. Did you specify 'keyspace', 'username' and 'password'? ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u jdoe -pw '9fa1b39e7eb877367213e6f7e37d0b01' -k MDR Login failure. Did you specify 'keyspace', 'username' and 'password'? Hmm, what am I doing wrong? - Sameer
Re: Questions about using MD5 encryption with SimpleAuthenticator
By the way, just noticed a typo in my email below. I'm using the correct keyspace name in all locations on the cluster... however in my examples below, I used MyKeyspace in some spots and MDR in other spots, but in the cluster I'm specifying the same keyspace name everywhere, so that's not the issue. - Sameer On Mon, May 16, 2011 at 3:55 PM, Sameer Farooqui cassandral...@gmail.comwrote: Hi all, We are trying to use MD5 encrypted passwords. Quick question first - Is SHA-2 supported yet? US-CERT of the U. S. Department of Homeland Security has said that MD5 should be considered cryptographically broken and unsuitable for further use”, and SHA-2 family of hash functions is recommended. The issue I'm seeing is that when I turn on MD5 encryption, I can't log into the cluster from Cassandra-CLI (I get a login failure). The cassandra.in.sh file has been changed as so: JVM_OPTS= -Dpasswd.properties=/home/ubuntu/apache-cassandra-0.8.0-beta1/conf/passwd.properties \ -Daccess.properties=/home/ubuntu/apache-cassandra-0.8.0-beta1/conf/access.properties \ -Dpasswd.mode=MD5 And I ran this python script to generate a MD5 hash: ubuntu@darknet:~$ python Python 2.6.6 (r266:84292, Sep 15 2010, 15:52:39) [GCC 4.4.5] on linux2 Type help, copyright, credits or license for more information. from hashlib import md5 p = nosql h = md5(p).hexdigest() print h 9fa1b39e7eb877367213e6f7e37d0b01 Then I updated the passwd.properties file with the new hashed password: jdoe=9fa1b39e7eb877367213e6f7e37d0b01 Also, the access.properties file is properly set so that jdoe has rw access to the keyspace and CF: MyKeyspace.rw=jdoe,jsmith MyKeyspace.MyCF.rw=jsmith,jdoe But when I try to connect to the cluster now, I'm getting a login failure. I have tried a few different ways of connecting: Ran this from the Cassandra CLI: [default@unknown] connect ec2-50-19-26-189.compute-1.amazonaws.com/9160jdoe '9fa1b39e7eb877367213e6f7e37d0b01'; Login failure. Did you specify 'keyspace', 'username' and 'password'? Ran these from the Ubuntu CLI: ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u jdoe -pw 9fa1b39e7eb877367213e6f7e37d0b01 -k MDR Login failure. Did you specify 'keyspace', 'username' and 'password'? ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u jdoe -pw '9fa1b39e7eb877367213e6f7e37d0b01' -k MDR Login failure. Did you specify 'keyspace', 'username' and 'password'? Hmm, what am I doing wrong? - Sameer
Re: using SimpleAuthenticator is not working
I *think* that message is just from when the connection is closed. Sorry this is a hard one to help with, as it's more than likely something to do with your client app. Some guessing... Everything is working if you do not use the authenticator ? Can you inspect the ports on the server and see if the connection is created from the client ? Any difference if you use an invalid password ? Try using Hector ? Try creating a new testing app from scratch. Hope that helps Aaron On 18 Nov 2010, at 10:03, Alaa Zubaidi wrote: One other thing, while login() hangs when called on the server side, and nothing is logged, I see the following logged when I kill the hanged process. DEBUG 13:01:10,640 logged out: null Thanks On 11/17/2010 12:41 PM, Alaa Zubaidi wrote: Hi Aaron, I used the client, and was able to login. E:\cassandrabin\cassandra-cli.bat -host 191.111.1.11 -port 9160 Starting Cassandra Client Connected to: Test Cluster on 191.111.1.11/9160 Welcome to cassandra CLI. Type 'help' or '?' for help. Type 'quit' or 'exit' to quit. [defa...@unknown] use Realtime al 'al' Authenticated to keyspace: Realtime [a...@realtime] and here is whats logged sever side: DEBUG 12:38:04,921 logged in: #User al groups=[] I am using Java/thrift on windows. Regards, Alaa On 11/15/2010 5:37 PM, Aaron Morton wrote: Can you try using the command line cassandra-cli tool ? fire it up and look at the online help, if you pass a user name and password to the use statement it will perform a login after setting the keyspace for the connection. Try testing the login that way, and see what is logged server side (with logging at DEBUG). Also, what client are you using ? Aaron On 16 Nov, 2010,at 02:02 PM, Alaa Zubaidialaa.zuba...@pdf.com wrote: I removed the exception handling and It seems that the login() is hanging? On 11/15/2010 1:36 PM, Eric Evans wrote: On Mon, 2010-11-15 at 12:26 -0800, Alaa Zubaidi wrote: I set authority to SimpleAuthority and log4j.rootLogger=DEBUG,stdout,R and its still the same, the error in my application is $batch_mutate_result.read(Cassandra.java:16477) InvalidRequestException(why: you have not logged in) and in the system.log after DEBUG .. Disseminating load info... DEBUG .. batch_mutate There is no mention to the login() and set_keyspace() methods. and no other information.. The login() method will either raise an AuthenticationException in the client application if the login failed, or log something like logged in: #User username groups=groupname if it succeeded. Either you're not actually calling login(), or your code is trapping the exception and obscuring the failure. -- Alaa Zubaidi PDF Solutions, Inc. 333 West San Carlos Street, Suite 700 San Jose, CA 95110 USA Tel: 408-283-5639 (or 408-280-7900 x5639) fax: 408-938-6479 email: alaa.zuba...@pdf.com -- Alaa Zubaidi PDF Solutions, Inc. 333 West San Carlos Street, Suite 700 San Jose, CA 95110 USA Tel: 408-283-5639 (or 408-280-7900 x5639) fax: 408-938-6479 email: alaa.zuba...@pdf.com
Re: using SimpleAuthenticator is not working
Hi Aaron, Thanks for the help.. If I don't use the Authenticator, and keep it at AllowAll it will work find.. I tried provide an invalid password but it behaved the same... Here is what i am doing: MapString, String creds = new HashMapString, String(); creds.put(username, pwd); AuthenticationRequest Auth = new AuthenticationRequest(creds); _logger.info(In ConnectCreateCassandraSchema); _client.login(Auth); _logger.info(after login + _keyspace); _client.set_keyspace(_keyspace); It hangs in _client.login(Auth); and when I try to trap the error (no error message), and if I let it continue it will give me you are not logged in on batch_mutate() Alaa On 11/18/2010 3:33 AM, aaron morton wrote: I *think* that message is just from when the connection is closed. Sorry this is a hard one to help with, as it's more than likely something to do with your client app. Some guessing... Everything is working if you do not use the authenticator ? Can you inspect the ports on the server and see if the connection is created from the client ? Any difference if you use an invalid password ? Try using Hector ? Try creating a new testing app from scratch. Hope that helps Aaron On 18 Nov 2010, at 10:03, Alaa Zubaidi wrote: One other thing, while login() hangs when called on the server side, and nothing is logged, I see the following logged when I kill the hanged process. DEBUG 13:01:10,640 logged out: null Thanks On 11/17/2010 12:41 PM, Alaa Zubaidi wrote: Hi Aaron, I used the client, and was able to login. E:\cassandrabin\cassandra-cli.bat -host 191.111.1.11 -port 9160 Starting Cassandra Client Connected to: Test Cluster on 191.111.1.11/9160 Welcome to cassandra CLI. Type 'help' or '?' for help. Type 'quit' or 'exit' to quit. [defa...@unknown] use Realtime al 'al' Authenticated to keyspace: Realtime [a...@realtime] and here is whats logged sever side: DEBUG 12:38:04,921 logged in: #User al groups=[] I am using Java/thrift on windows. Regards, Alaa On 11/15/2010 5:37 PM, Aaron Morton wrote: Can you try using the command line cassandra-cli tool ? fire it up and look at the online help, if you pass a user name and password to the use statement it will perform a login after setting the keyspace for the connection. Try testing the login that way, and see what is logged server side (with logging at DEBUG). Also, what client are you using ? Aaron On 16 Nov, 2010,at 02:02 PM, Alaa Zubaidialaa.zuba...@pdf.com wrote: I removed the exception handling and It seems that the login() is hanging? On 11/15/2010 1:36 PM, Eric Evans wrote: On Mon, 2010-11-15 at 12:26 -0800, Alaa Zubaidi wrote: I set authority to SimpleAuthority and log4j.rootLogger=DEBUG,stdout,R and its still the same, the error in my application is $batch_mutate_result.read(Cassandra.java:16477) InvalidRequestException(why: you have not logged in) and in the system.log after DEBUG .. Disseminating load info... DEBUG .. batch_mutate There is no mention to the login() and set_keyspace() methods. and no other information.. The login() method will either raise an AuthenticationException in the client application if the login failed, or log something like logged in: #User username groups=groupname if it succeeded. Either you're not actually calling login(), or your code is trapping the exception and obscuring the failure. --Alaa Zubaidi PDF Solutions, Inc. 333 West San Carlos Street, Suite 700 San Jose, CA 95110 USA Tel: 408-283-5639 (or 408-280-7900 x5639) fax: 408-938-6479 email: alaa.zuba...@pdf.com -- Alaa Zubaidi PDF Solutions, Inc. 333 West San Carlos Street, Suite 700 San Jose, CA 95110 USA Tel: 408-283-5639 (or 408-280-7900 x5639) fax: 408-938-6479 email: alaa.zuba...@pdf.com -- Alaa Zubaidi PDF Solutions, Inc. 333 West San Carlos Street, Suite 700 San Jose, CA 95110 USA Tel: 408-283-5639 (or 408-280-7900 x5639) fax: 408-938-6479 email: alaa.zuba...@pdf.com
Re: using SimpleAuthenticator is not working
I believe the map of credentials should be creds.put(username, your_username); creds.put(password, your_password); So you have two entries in the map, one for user and one for password. No idea why that call would be hanging though. On Thu, Nov 18, 2010 at 1:46 PM, Alaa Zubaidi alaa.zuba...@pdf.com wrote: Hi Aaron, Thanks for the help.. If I don't use the Authenticator, and keep it at AllowAll it will work find.. I tried provide an invalid password but it behaved the same... Here is what i am doing: MapString, String creds = new HashMapString, String(); creds.put(username, pwd); AuthenticationRequest Auth = new AuthenticationRequest(creds); _logger.info(In ConnectCreateCassandraSchema); _client.login(Auth); _logger.info(after login + _keyspace); _client.set_keyspace(_keyspace); It hangs in _client.login(Auth); and when I try to trap the error (no error message), and if I let it continue it will give me you are not logged in on batch_mutate() Alaa On 11/18/2010 3:33 AM, aaron morton wrote: I *think* that message is just from when the connection is closed. Sorry this is a hard one to help with, as it's more than likely something to do with your client app. Some guessing... Everything is working if you do not use the authenticator ? Can you inspect the ports on the server and see if the connection is created from the client ? Any difference if you use an invalid password ? Try using Hector ? Try creating a new testing app from scratch. Hope that helps Aaron On 18 Nov 2010, at 10:03, Alaa Zubaidi wrote: One other thing, while login() hangs when called on the server side, and nothing is logged, I see the following logged when I kill the hanged process. DEBUG 13:01:10,640 logged out: null Thanks On 11/17/2010 12:41 PM, Alaa Zubaidi wrote: Hi Aaron, I used the client, and was able to login. E:\cassandrabin\cassandra-cli.bat -host 191.111.1.11 -port 9160 Starting Cassandra Client Connected to: Test Cluster on 191.111.1.11/9160 Welcome to cassandra CLI. Type 'help' or '?' for help. Type 'quit' or 'exit' to quit. [defa...@unknown] use Realtime al 'al' Authenticated to keyspace: Realtime [a...@realtime] and here is whats logged sever side: DEBUG 12:38:04,921 logged in: #User al groups=[] I am using Java/thrift on windows. Regards, Alaa On 11/15/2010 5:37 PM, Aaron Morton wrote: Can you try using the command line cassandra-cli tool ? fire it up and look at the online help, if you pass a user name and password to the use statement it will perform a login after setting the keyspace for the connection. Try testing the login that way, and see what is logged server side (with logging at DEBUG). Also, what client are you using ? Aaron On 16 Nov, 2010,at 02:02 PM, Alaa Zubaidialaa.zuba...@pdf.com wrote: I removed the exception handling and It seems that the login() is hanging? On 11/15/2010 1:36 PM, Eric Evans wrote: On Mon, 2010-11-15 at 12:26 -0800, Alaa Zubaidi wrote: I set authority to SimpleAuthority and log4j.rootLogger=DEBUG,stdout,R and its still the same, the error in my application is $batch_mutate_result.read(Cassandra.java:16477) InvalidRequestException(why: you have not logged in) and in the system.log after DEBUG .. Disseminating load info... DEBUG .. batch_mutate There is no mention to the login() and set_keyspace() methods. and no other information.. The login() method will either raise an AuthenticationException in the client application if the login failed, or log something like logged in: #User username groups=groupname if it succeeded. Either you're not actually calling login(), or your code is trapping the exception and obscuring the failure. --Alaa Zubaidi PDF Solutions, Inc. 333 West San Carlos Street, Suite 700 San Jose, CA 95110 USA Tel: 408-283-5639 (or 408-280-7900 x5639) fax: 408-938-6479 email: alaa.zuba...@pdf.com -- Alaa Zubaidi PDF Solutions, Inc. 333 West San Carlos Street, Suite 700 San Jose, CA 95110 USA Tel: 408-283-5639 (or 408-280-7900 x5639) fax: 408-938-6479 email: alaa.zuba...@pdf.com -- Alaa Zubaidi PDF Solutions, Inc. 333 West San Carlos Street, Suite 700 San Jose, CA 95110 USA Tel: 408-283-5639 (or 408-280-7900 x5639) fax: 408-938-6479 email: alaa.zuba...@pdf.com
Re: using SimpleAuthenticator is not working
Thanks, its working now... On 11/18/2010 1:50 PM, Nick Bailey wrote: I believe the map of credentials should be creds.put(username, your_username); creds.put(password, your_password); So you have two entries in the map, one for user and one for password. No idea why that call would be hanging though. On Thu, Nov 18, 2010 at 1:46 PM, Alaa Zubaidialaa.zuba...@pdf.com wrote: Hi Aaron, Thanks for the help.. If I don't use the Authenticator, and keep it at AllowAll it will work find.. I tried provide an invalid password but it behaved the same... Here is what i am doing: MapString, String creds = new HashMapString, String(); creds.put(username, pwd); AuthenticationRequest Auth = new AuthenticationRequest(creds); _logger.info(In ConnectCreateCassandraSchema); _client.login(Auth); _logger.info(after login + _keyspace); _client.set_keyspace(_keyspace); It hangs in _client.login(Auth); and when I try to trap the error (no error message), and if I let it continue it will give me you are not logged in on batch_mutate() Alaa On 11/18/2010 3:33 AM, aaron morton wrote: I *think* that message is just from when the connection is closed. Sorry this is a hard one to help with, as it's more than likely something to do with your client app. Some guessing... Everything is working if you do not use the authenticator ? Can you inspect the ports on the server and see if the connection is created from the client ? Any difference if you use an invalid password ? Try using Hector ? Try creating a new testing app from scratch. Hope that helps Aaron On 18 Nov 2010, at 10:03, Alaa Zubaidi wrote: One other thing, while login() hangs when called on the server side, and nothing is logged, I see the following logged when I kill the hanged process. DEBUG 13:01:10,640 logged out: null Thanks On 11/17/2010 12:41 PM, Alaa Zubaidi wrote: Hi Aaron, I used the client, and was able to login. E:\cassandrabin\cassandra-cli.bat -host 191.111.1.11 -port 9160 Starting Cassandra Client Connected to: Test Cluster on 191.111.1.11/9160 Welcome to cassandra CLI. Type 'help' or '?' for help. Type 'quit' or 'exit' to quit. [defa...@unknown] use Realtime al 'al' Authenticated to keyspace: Realtime [a...@realtime] and here is whats logged sever side: DEBUG 12:38:04,921 logged in: #User al groups=[] I am using Java/thrift on windows. Regards, Alaa On 11/15/2010 5:37 PM, Aaron Morton wrote: Can you try using the command line cassandra-cli tool ? fire it up and look at the online help, if you pass a user name and password to the use statement it will perform a login after setting the keyspace for the connection. Try testing the login that way, and see what is logged server side (with logging at DEBUG). Also, what client are you using ? Aaron On 16 Nov, 2010,at 02:02 PM, Alaa Zubaidialaa.zuba...@pdf.com wrote: I removed the exception handling and It seems that the login() is hanging? On 11/15/2010 1:36 PM, Eric Evans wrote: On Mon, 2010-11-15 at 12:26 -0800, Alaa Zubaidi wrote: I set authority to SimpleAuthority and log4j.rootLogger=DEBUG,stdout,R and its still the same, the error in my application is $batch_mutate_result.read(Cassandra.java:16477) InvalidRequestException(why: you have not logged in) and in the system.log after DEBUG .. Disseminating load info... DEBUG .. batch_mutate There is no mention to the login() and set_keyspace() methods. and no other information.. The login() method will either raise an AuthenticationException in the client application if the login failed, or log something like logged in: #User username groups=groupname if it succeeded. Either you're not actually calling login(), or your code is trapping the exception and obscuring the failure. --Alaa Zubaidi PDF Solutions, Inc. 333 West San Carlos Street, Suite 700 San Jose, CA 95110 USA Tel: 408-283-5639 (or 408-280-7900 x5639) fax: 408-938-6479 email: alaa.zuba...@pdf.com -- Alaa Zubaidi PDF Solutions, Inc. 333 West San Carlos Street, Suite 700 San Jose, CA 95110 USA Tel: 408-283-5639 (or 408-280-7900 x5639) fax: 408-938-6479 email: alaa.zuba...@pdf.com -- Alaa Zubaidi PDF Solutions, Inc. 333 West San Carlos Street, Suite 700 San Jose, CA 95110 USA Tel: 408-283-5639 (or 408-280-7900 x5639) fax: 408-938-6479 email: alaa.zuba...@pdf.com -- Alaa Zubaidi PDF Solutions, Inc. 333 West San Carlos Street, Suite 700 San Jose, CA 95110 USA Tel: 408-283-5639 (or 408-280-7900 x5639) fax: 408-938-6479 email: alaa.zuba...@pdf.com
Re: using SimpleAuthenticator is not working
Hi Aaron, I used the client, and was able to login. E:\cassandrabin\cassandra-cli.bat -host 191.111.1.11 -port 9160 Starting Cassandra Client Connected to: Test Cluster on 191.111.1.11/9160 Welcome to cassandra CLI. Type 'help' or '?' for help. Type 'quit' or 'exit' to quit. [defa...@unknown] use Realtime al 'al' Authenticated to keyspace: Realtime [a...@realtime] and here is whats logged sever side: DEBUG 12:38:04,921 logged in: #User al groups=[] I am using Java/thrift on windows. Regards, Alaa On 11/15/2010 5:37 PM, Aaron Morton wrote: Can you try using the command line cassandra-cli tool ? fire it up and look at the online help, if you pass a user name and password to the use statement it will perform a login after setting the keyspace for the connection. Try testing the login that way, and see what is logged server side (with logging at DEBUG). Also, what client are you using ? Aaron On 16 Nov, 2010,at 02:02 PM, Alaa Zubaidialaa.zuba...@pdf.com wrote: I removed the exception handling and It seems that the login() is hanging? On 11/15/2010 1:36 PM, Eric Evans wrote: On Mon, 2010-11-15 at 12:26 -0800, Alaa Zubaidi wrote: I set authority to SimpleAuthority and log4j.rootLogger=DEBUG,stdout,R and its still the same, the error in my application is $batch_mutate_result.read(Cassandra.java:16477) InvalidRequestException(why: you have not logged in) and in the system.log after DEBUG .. Disseminating load info... DEBUG .. batch_mutate There is no mention to the login() and set_keyspace() methods. and no other information.. The login() method will either raise an AuthenticationException in the client application if the login failed, or log something like logged in: #User username groups=groupname if it succeeded. Either you're not actually calling login(), or your code is trapping the exception and obscuring the failure. -- Alaa Zubaidi PDF Solutions, Inc. 333 West San Carlos Street, Suite 700 San Jose, CA 95110 USA Tel: 408-283-5639 (or 408-280-7900 x5639) fax: 408-938-6479 email: alaa.zuba...@pdf.com -- Alaa Zubaidi PDF Solutions, Inc. 333 West San Carlos Street, Suite 700 San Jose, CA 95110 USA Tel: 408-283-5639 (or 408-280-7900 x5639) fax: 408-938-6479 email: alaa.zuba...@pdf.com
Re: using SimpleAuthenticator is not working
I tried both setting authority to org.apache.cassandra.auth.SimpleAuthority and AllowAllAuthority... I uncommitted the Application logging options in log4j-server.properties, is this enough? Thanks, On 11/14/2010 8:10 AM, Eric Evans wrote: On Fri, 2010-11-12 at 17:07 -0800, Alaa Zubaidi wrote: using SimpleAuthenticator is not working with me in beta 3 I am doing the following: ·In Cassandra.yaml Set authenticator: org.apache.cassandra.auth.SimpleAuthenticator ·Add username and password to passwd.proprties ·Add username to keyspace and column family permission in access.proprties ·Add the path for passwd.proprties and access.proprties to Cassandra.bat set CASSANDRA_PARAMS=-Dcassandra -Dcassandra-foreground=yes -Dpasswd.properties=E:\Cassandra\Cass07b3\apache-cassandra-0.7.0-beta3 \conf\passwd.properties -Daccess.properties=E:\Cassandra\Cass07b3\apache-cassandra-0.7.0-beta3 \conf\access.properties Did you set authority to org.apache.cassandra.auth.SimpleAuthority? ·Use login() to login to Cassandra in the application: MapString, String creds = new HashMapString, String(); creds.put(user1, pwd1); AuthenticationRequest Auth = newAuthenticationRequest(creds); _client.login(Auth); its giving me an error, with no message, and if I try to do any thing its giving me I am not logged in error. Is there any thing I am missing? Make sure to set the logging level to DEBUG; there should be something in the logs. -- Alaa Zubaidi PDF Solutions, Inc. 333 West San Carlos Street, Suite 700 San Jose, CA 95110 USA Tel: 408-283-5639 (or 408-280-7900 x5639) fax: 408-938-6479 email: alaa.zuba...@pdf.com
Re: using SimpleAuthenticator is not working
On Mon, 2010-11-15 at 11:30 -0800, Alaa Zubaidi wrote: I tried both setting authority to org.apache.cassandra.auth.SimpleAuthority and AllowAllAuthority... If you are using SimpleAuthenticator then you should be using SimpleAuthority. I uncommitted the Application logging options in log4j-server.properties, is this enough? No, you need to set the log level on the root logger. By default that line looks like... log4j.rootLogger=INFO,stdout,R ...and you need to make it look like... log4j.rootLogger=DEBUG,stdout,R -- Eric Evans eev...@rackspace.com
Re: using SimpleAuthenticator is not working
I set authority to SimpleAuthority and log4j.rootLogger=DEBUG,stdout,R and its still the same, the error in my application is $batch_mutate_result.read(Cassandra.java:16477) InvalidRequestException(why: you have not logged in) and in the system.log after DEBUG .. Disseminating load info... DEBUG .. batch_mutate There is no mention to the login() and set_keyspace() methods. and no other information.. Thanks for the help On 11/15/2010 11:42 AM, Eric Evans wrote: On Mon, 2010-11-15 at 11:30 -0800, Alaa Zubaidi wrote: I tried both setting authority to org.apache.cassandra.auth.SimpleAuthority and AllowAllAuthority... If you are using SimpleAuthenticator then you should be using SimpleAuthority. I uncommitted the Application logging options in log4j-server.properties, is this enough? No, you need to set the log level on the root logger. By default that line looks like... log4j.rootLogger=INFO,stdout,R ...and you need to make it look like... log4j.rootLogger=DEBUG,stdout,R -- Alaa Zubaidi PDF Solutions, Inc. 333 West San Carlos Street, Suite 700 San Jose, CA 95110 USA Tel: 408-283-5639 (or 408-280-7900 x5639) fax: 408-938-6479 email: alaa.zuba...@pdf.com
Re: using SimpleAuthenticator is not working
On Mon, 2010-11-15 at 12:26 -0800, Alaa Zubaidi wrote: I set authority to SimpleAuthority and log4j.rootLogger=DEBUG,stdout,R and its still the same, the error in my application is $batch_mutate_result.read(Cassandra.java:16477) InvalidRequestException(why: you have not logged in) and in the system.log after DEBUG .. Disseminating load info... DEBUG .. batch_mutate There is no mention to the login() and set_keyspace() methods. and no other information.. The login() method will either raise an AuthenticationException in the client application if the login failed, or log something like logged in: #User username groups=groupname if it succeeded. Either you're not actually calling login(), or your code is trapping the exception and obscuring the failure. -- Eric Evans eev...@rackspace.com
Re: using SimpleAuthenticator is not working
I removed the exception handling and It seems that the login() is hanging? On 11/15/2010 1:36 PM, Eric Evans wrote: On Mon, 2010-11-15 at 12:26 -0800, Alaa Zubaidi wrote: I set authority to SimpleAuthority and log4j.rootLogger=DEBUG,stdout,R and its still the same, the error in my application is $batch_mutate_result.read(Cassandra.java:16477) InvalidRequestException(why: you have not logged in) and in the system.log after DEBUG .. Disseminating load info... DEBUG .. batch_mutate There is no mention to the login() and set_keyspace() methods. and no other information.. The login() method will either raise an AuthenticationException in the client application if the login failed, or log something like logged in: #User username groups=groupname if it succeeded. Either you're not actually calling login(), or your code is trapping the exception and obscuring the failure. -- Alaa Zubaidi PDF Solutions, Inc. 333 West San Carlos Street, Suite 700 San Jose, CA 95110 USA Tel: 408-283-5639 (or 408-280-7900 x5639) fax: 408-938-6479 email: alaa.zuba...@pdf.com
Re: using SimpleAuthenticator is not working
Can you try using the command line cassandra-cli tool ? fire it up and look at the online help, if you pass a user name and password to the "use" statement it will perform a login after setting the keyspace for the connection.Try testing the login that way, and see what is logged server side (with logging at DEBUG).Also, what client are you using ?AaronOn 16 Nov, 2010,at 02:02 PM, Alaa Zubaidi alaa.zuba...@pdf.com wrote:I removed the exception handling and It seems that the login() is hanging? On 11/15/2010 1:36 PM, Eric Evans wrote: On Mon, 2010-11-15 at 12:26 -0800, Alaa Zubaidi wrote: I set authority to SimpleAuthority and log4j.rootLogger=DEBUG,stdout,R and its still the same, the error in my application is $batch_mutate_result.read(Cassandra.java:16477) InvalidRequestException(why: you have not logged in) and in the system.log after DEBUG .. Disseminating load info... DEBUG .. batch_mutate There is no mention to the login() and set_keyspace() methods. and no other information.. The login() method will either raise an AuthenticationException in the client application if the login failed, or log something like "logged in: #User username groups=groupname" if it succeeded. Either you're not actually calling login(), or your code is trapping the exception and obscuring the failure. -- Alaa Zubaidi PDF Solutions, Inc. 333 West San Carlos Street, Suite 700 San Jose, CA 95110 USA Tel: 408-283-5639 (or 408-280-7900 x5639) fax: 408-938-6479 email: alaa.zuba...@pdf.com
Re: using SimpleAuthenticator is not working
On Fri, 2010-11-12 at 17:07 -0800, Alaa Zubaidi wrote: using SimpleAuthenticator is not working with me in beta 3 I am doing the following: ·In Cassandra.yaml Set authenticator: org.apache.cassandra.auth.SimpleAuthenticator ·Add username and password to passwd.proprties ·Add username to keyspace and column family permission in access.proprties ·Add the path for passwd.proprties and access.proprties to Cassandra.bat set CASSANDRA_PARAMS=-Dcassandra -Dcassandra-foreground=yes -Dpasswd.properties=E:\Cassandra\Cass07b3\apache-cassandra-0.7.0-beta3 \conf\passwd.properties -Daccess.properties=E:\Cassandra\Cass07b3\apache-cassandra-0.7.0-beta3 \conf\access.properties Did you set authority to org.apache.cassandra.auth.SimpleAuthority? ·Use login() to login to Cassandra in the application: MapString, String creds = new HashMapString, String(); creds.put(user1, pwd1); AuthenticationRequest Auth = newAuthenticationRequest(creds); _client.login(Auth); its giving me an error, with no message, and if I try to do any thing its giving me I am not logged in error. Is there any thing I am missing? Make sure to set the logging level to DEBUG; there should be something in the logs. -- Eric Evans eev...@rackspace.com
Re: using SimpleAuthenticator is not working
Is the server logging anything during the failed authentication? On Fri, Nov 12, 2010 at 8:07 PM, Alaa Zubaidi alaa.zuba...@pdf.com wrote: using SimpleAuthenticator is not working with me in beta 3 I am doing the following: · In Cassandra.yaml Set authenticator: org.apache.cassandra.auth.SimpleAuthenticator · Add username and password to passwd.proprties · Add username to keyspace and column family permission in access.proprties · Add the path for passwd.proprties and access.proprties to Cassandra.bat set CASSANDRA_PARAMS=-Dcassandra -Dcassandra-foreground=yes -Dpasswd.properties=E:\Cassandra\Cass07b3\apache-cassandra-0.7.0-beta3\conf\passwd.properties -Daccess.properties=E:\Cassandra\Cass07b3\apache-cassandra-0.7.0-beta3\conf\access.properties · Use login() to login to Cassandra in the application: MapString, String creds = new HashMapString, String(); creds.put(user1, pwd1); AuthenticationRequest Auth = new AuthenticationRequest(creds); _client.login(Auth); its giving me an error, with no message, and if I try to do any thing its giving me I am not logged in error. Is there any thing I am missing? Thanks, -- Alaa Zubaidi
using SimpleAuthenticator is not working
using SimpleAuthenticator is not working with me in beta 3 I am doing the following: ·In Cassandra.yaml Set authenticator: org.apache.cassandra.auth.SimpleAuthenticator ·Add username and password to passwd.proprties ·Add username to keyspace and column family permission in access.proprties ·Add the path for passwd.proprties and access.proprties to Cassandra.bat set CASSANDRA_PARAMS=-Dcassandra -Dcassandra-foreground=yes -Dpasswd.properties=E:\Cassandra\Cass07b3\apache-cassandra-0.7.0-beta3\conf\passwd.properties -Daccess.properties=E:\Cassandra\Cass07b3\apache-cassandra-0.7.0-beta3\conf\access.properties ·Use login() to login to Cassandra in the application: MapString, String creds = new HashMapString, String(); creds.put(user1, pwd1); AuthenticationRequest Auth = newAuthenticationRequest(creds); _client.login(Auth); its giving me an error, with no message, and if I try to do any thing its giving me I am not logged in error. Is there any thing I am missing? Thanks, -- Alaa Zubaidi
Re: Login failure with SimpleAuthenticator
Hi again.
My system log says:
ERROR [pool-1-thread-1] 2010-05-03 12:54:03,801 Cassandra.java (line 1153)
Internal error processing login
java.lang.RuntimeException: Unexpected authentication problem
at
org.apache.cassandra.auth.SimpleAuthenticator.login(SimpleAuthenticator.java:113)
at
org.apache.cassandra.thrift.CassandraServer.login(CassandraServer.java:651)
at
org.apache.cassandra.thrift.Cassandra$Processor$login.process(Cassandra.java:1147)
at
org.apache.cassandra.thrift.Cassandra$Processor.process(Cassandra.java:1125)
at
org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:253)
at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:619)
Caused by: java.lang.NullPointerException
at java.io.FileInputStream.init(FileInputStream.java:103)
at java.io.FileInputStream.init(FileInputStream.java:66)
at
org.apache.cassandra.auth.SimpleAuthenticator.login(SimpleAuthenticator.java:82)
... 7 more
Maybe it is a problem with the configuration file. Do I need to add
something more
than
Authenticatororg.apache.cassandra.auth.SimpleAuthenticator/Authenticator
line? It seems that cassandra doesn't found access.properties
and passwd.properties files? I have put it in the conf directory, but do I
need to put something more in the storage-conf.xml file?
Keyspace name and user names and password are false, it is only for the
example.
2010/4/29 roger schildmeijer schildmei...@gmail.com
Are you sure that your keyspace is named keyspace, and not Keyspace1
(default)?
/ Roger Schildmeijer
On Thu, Apr 29, 2010 at 2:47 PM, Jonathan Ellis jbel...@gmail.com wrote:
If you're getting an internalerror, you need to check the server logs
for the exception that caused it
On Wed, Apr 28, 2010 at 6:20 AM, Julio Carlos Barrera Juez
juliocar...@gmail.com wrote:
Hi all!
I am using org.apache.cassandra.auth.SimpleAuthenticator to use
authentication in my cluster with one node (with cassandra 0.6.1). I
have
put:
Authenticatororg.apache.cassandra.auth.SimpleAuthenticator/Authenticator
in storage-conf.xml file, and:
keyspace=username
in access.properties file, and:
username=password
in passwd.properties file.
When I try to use cassandra client I am using:
./cassandra-cli --host localhost --port 9160 --username username
--password
password --keyspace keyspace --debug
and it returns this:
org.apache.thrift.TApplicationException: Internal error processing login
at
org.apache.thrift.TApplicationException.read(TApplicationException.java:108)
at
org.apache.cassandra.thrift.Cassandra$Client.recv_login(Cassandra.java:300)
at
org.apache.cassandra.thrift.Cassandra$Client.login(Cassandra.java:282)
at org.apache.cassandra.cli.CliMain.connect(CliMain.java:109)
at org.apache.cassandra.cli.CliMain.main(CliMain.java:239)
Login failure. Did you specify 'keyspace', 'username' and 'password'?
When I try the same process with Java Thrift API:
TTransport tr = new TSocket(ip, port);
static Cassandra.Client client = new Cassandra.Client(new
TBinaryProtocol(tr));
MapString, String credentials = new HashMapString, String();
credentials.put(SimpleAuthenticator.USERNAME_KEY, username);
credentials.put(SimpleAuthenticator.PASSWORD_KEY, password);
try {
tr.open();
client.login(KEY_SPACE, new AuthenticationRequest(credentials));
catch{...}
..
I get:
org.apache.thrift.TApplicationException: Internal error processing login
at
org.apache.thrift.TApplicationException.read(TApplicationException.java:108)
at
org.apache.cassandra.thrift.Cassandra$Client.recv_login(Cassandra.java:300)
at
org.apache.cassandra.thrift.Cassandra$Client.login(Cassandra.java:282)
...
What I am doing wrong?
--
Jonathan Ellis
Project Chair, Apache Cassandra
co-founder of Riptano, the source for professional Cassandra support
http://riptano.com
Re: Login failure with SimpleAuthenticator
You need to define two more properties: passwd.properties and
access.properties (hint
-Dpasswd.properties=/user/schildmeijer/cassandra/conf/passwd.properties and
analogous for access.properties)
// Roger Schildmeijer
On Mon, May 3, 2010 at 1:06 PM, Julio Carlos Barrera Juez
juliocar...@gmail.com wrote:
Hi again.
My system log says:
ERROR [pool-1-thread-1] 2010-05-03 12:54:03,801 Cassandra.java (line 1153)
Internal error processing login
java.lang.RuntimeException: Unexpected authentication problem
at
org.apache.cassandra.auth.SimpleAuthenticator.login(SimpleAuthenticator.java:113)
at
org.apache.cassandra.thrift.CassandraServer.login(CassandraServer.java:651)
at
org.apache.cassandra.thrift.Cassandra$Processor$login.process(Cassandra.java:1147)
at
org.apache.cassandra.thrift.Cassandra$Processor.process(Cassandra.java:1125)
at
org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:253)
at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:619)
Caused by: java.lang.NullPointerException
at java.io.FileInputStream.init(FileInputStream.java:103)
at java.io.FileInputStream.init(FileInputStream.java:66)
at
org.apache.cassandra.auth.SimpleAuthenticator.login(SimpleAuthenticator.java:82)
... 7 more
Maybe it is a problem with the configuration file. Do I need to add
something more
than
Authenticatororg.apache.cassandra.auth.SimpleAuthenticator/Authenticator
line? It seems that cassandra doesn't found access.properties
and passwd.properties files? I have put it in the conf directory, but do I
need to put something more in the storage-conf.xml file?
Keyspace name and user names and password are false, it is only for the
example.
2010/4/29 roger schildmeijer schildmei...@gmail.com
Are you sure that your keyspace is named keyspace, and not Keyspace1
(default)?
/ Roger Schildmeijer
On Thu, Apr 29, 2010 at 2:47 PM, Jonathan Ellis jbel...@gmail.comwrote:
If you're getting an internalerror, you need to check the server logs
for the exception that caused it
On Wed, Apr 28, 2010 at 6:20 AM, Julio Carlos Barrera Juez
juliocar...@gmail.com wrote:
Hi all!
I am using org.apache.cassandra.auth.SimpleAuthenticator to use
authentication in my cluster with one node (with cassandra 0.6.1). I
have
put:
Authenticatororg.apache.cassandra.auth.SimpleAuthenticator/Authenticator
in storage-conf.xml file, and:
keyspace=username
in access.properties file, and:
username=password
in passwd.properties file.
When I try to use cassandra client I am using:
./cassandra-cli --host localhost --port 9160 --username username
--password
password --keyspace keyspace --debug
and it returns this:
org.apache.thrift.TApplicationException: Internal error processing
login
at
org.apache.thrift.TApplicationException.read(TApplicationException.java:108)
at
org.apache.cassandra.thrift.Cassandra$Client.recv_login(Cassandra.java:300)
at
org.apache.cassandra.thrift.Cassandra$Client.login(Cassandra.java:282)
at org.apache.cassandra.cli.CliMain.connect(CliMain.java:109)
at org.apache.cassandra.cli.CliMain.main(CliMain.java:239)
Login failure. Did you specify 'keyspace', 'username' and 'password'?
When I try the same process with Java Thrift API:
TTransport tr = new TSocket(ip, port);
static Cassandra.Client client = new Cassandra.Client(new
TBinaryProtocol(tr));
MapString, String credentials = new HashMapString, String();
credentials.put(SimpleAuthenticator.USERNAME_KEY, username);
credentials.put(SimpleAuthenticator.PASSWORD_KEY, password);
try {
tr.open();
client.login(KEY_SPACE, new AuthenticationRequest(credentials));
catch{...}
..
I get:
org.apache.thrift.TApplicationException: Internal error processing
login
at
org.apache.thrift.TApplicationException.read(TApplicationException.java:108)
at
org.apache.cassandra.thrift.Cassandra$Client.recv_login(Cassandra.java:300)
at
org.apache.cassandra.thrift.Cassandra$Client.login(Cassandra.java:282)
...
What I am doing wrong?
--
Jonathan Ellis
Project Chair, Apache Cassandra
co-founder of Riptano, the source for professional Cassandra support
http://riptano.com
Re: Login failure with SimpleAuthenticator
If you're getting an internalerror, you need to check the server logs
for the exception that caused it
On Wed, Apr 28, 2010 at 6:20 AM, Julio Carlos Barrera Juez
juliocar...@gmail.com wrote:
Hi all!
I am using org.apache.cassandra.auth.SimpleAuthenticator to use
authentication in my cluster with one node (with cassandra 0.6.1). I have
put:
Authenticatororg.apache.cassandra.auth.SimpleAuthenticator/Authenticator
in storage-conf.xml file, and:
keyspace=username
in access.properties file, and:
username=password
in passwd.properties file.
When I try to use cassandra client I am using:
./cassandra-cli --host localhost --port 9160 --username username --password
password --keyspace keyspace --debug
and it returns this:
org.apache.thrift.TApplicationException: Internal error processing login
at
org.apache.thrift.TApplicationException.read(TApplicationException.java:108)
at
org.apache.cassandra.thrift.Cassandra$Client.recv_login(Cassandra.java:300)
at org.apache.cassandra.thrift.Cassandra$Client.login(Cassandra.java:282)
at org.apache.cassandra.cli.CliMain.connect(CliMain.java:109)
at org.apache.cassandra.cli.CliMain.main(CliMain.java:239)
Login failure. Did you specify 'keyspace', 'username' and 'password'?
When I try the same process with Java Thrift API:
TTransport tr = new TSocket(ip, port);
static Cassandra.Client client = new Cassandra.Client(new
TBinaryProtocol(tr));
MapString, String credentials = new HashMapString, String();
credentials.put(SimpleAuthenticator.USERNAME_KEY, username);
credentials.put(SimpleAuthenticator.PASSWORD_KEY, password);
try {
tr.open();
client.login(KEY_SPACE, new AuthenticationRequest(credentials));
catch{...}
..
I get:
org.apache.thrift.TApplicationException: Internal error processing login
at
org.apache.thrift.TApplicationException.read(TApplicationException.java:108)
at
org.apache.cassandra.thrift.Cassandra$Client.recv_login(Cassandra.java:300)
at org.apache.cassandra.thrift.Cassandra$Client.login(Cassandra.java:282)
...
What I am doing wrong?
--
Jonathan Ellis
Project Chair, Apache Cassandra
co-founder of Riptano, the source for professional Cassandra support
http://riptano.com
Re: Login failure with SimpleAuthenticator
Are you sure that your keyspace is named keyspace, and not Keyspace1
(default)?
/ Roger Schildmeijer
On Thu, Apr 29, 2010 at 2:47 PM, Jonathan Ellis jbel...@gmail.com wrote:
If you're getting an internalerror, you need to check the server logs
for the exception that caused it
On Wed, Apr 28, 2010 at 6:20 AM, Julio Carlos Barrera Juez
juliocar...@gmail.com wrote:
Hi all!
I am using org.apache.cassandra.auth.SimpleAuthenticator to use
authentication in my cluster with one node (with cassandra 0.6.1). I have
put:
Authenticatororg.apache.cassandra.auth.SimpleAuthenticator/Authenticator
in storage-conf.xml file, and:
keyspace=username
in access.properties file, and:
username=password
in passwd.properties file.
When I try to use cassandra client I am using:
./cassandra-cli --host localhost --port 9160 --username username
--password
password --keyspace keyspace --debug
and it returns this:
org.apache.thrift.TApplicationException: Internal error processing login
at
org.apache.thrift.TApplicationException.read(TApplicationException.java:108)
at
org.apache.cassandra.thrift.Cassandra$Client.recv_login(Cassandra.java:300)
at org.apache.cassandra.thrift.Cassandra$Client.login(Cassandra.java:282)
at org.apache.cassandra.cli.CliMain.connect(CliMain.java:109)
at org.apache.cassandra.cli.CliMain.main(CliMain.java:239)
Login failure. Did you specify 'keyspace', 'username' and 'password'?
When I try the same process with Java Thrift API:
TTransport tr = new TSocket(ip, port);
static Cassandra.Client client = new Cassandra.Client(new
TBinaryProtocol(tr));
MapString, String credentials = new HashMapString, String();
credentials.put(SimpleAuthenticator.USERNAME_KEY, username);
credentials.put(SimpleAuthenticator.PASSWORD_KEY, password);
try {
tr.open();
client.login(KEY_SPACE, new AuthenticationRequest(credentials));
catch{...}
..
I get:
org.apache.thrift.TApplicationException: Internal error processing login
at
org.apache.thrift.TApplicationException.read(TApplicationException.java:108)
at
org.apache.cassandra.thrift.Cassandra$Client.recv_login(Cassandra.java:300)
at org.apache.cassandra.thrift.Cassandra$Client.login(Cassandra.java:282)
...
What I am doing wrong?
--
Jonathan Ellis
Project Chair, Apache Cassandra
co-founder of Riptano, the source for professional Cassandra support
http://riptano.com
Login failure with SimpleAuthenticator
Hi all!
I am using org.apache.cassandra.auth.SimpleAuthenticator to use
authentication in my cluster with one node (with cassandra 0.6.1). I have
put:
Authenticatororg.apache.cassandra.auth.SimpleAuthenticator/Authenticator
in storage-conf.xml file, and:
keyspace=username
in access.properties file, and:
username=password
in passwd.properties file.
When I try to use cassandra client I am using:
./cassandra-cli --host localhost --port 9160 --username username --password
password --keyspace keyspace --debug
and it returns this:
org.apache.thrift.TApplicationException: Internal error processing login
at
org.apache.thrift.TApplicationException.read(TApplicationException.java:108)
at
org.apache.cassandra.thrift.Cassandra$Client.recv_login(Cassandra.java:300)
at org.apache.cassandra.thrift.Cassandra$Client.login(Cassandra.java:282)
at org.apache.cassandra.cli.CliMain.connect(CliMain.java:109)
at org.apache.cassandra.cli.CliMain.main(CliMain.java:239)
Login failure. Did you specify 'keyspace', 'username' and 'password'?
When I try the same process with Java Thrift API:
TTransport tr = new TSocket(ip, port);
static Cassandra.Client client = new Cassandra.Client(new
TBinaryProtocol(tr));
MapString, String credentials = new HashMapString, String();
credentials.put(SimpleAuthenticator.USERNAME_KEY, username);
credentials.put(SimpleAuthenticator.PASSWORD_KEY, password);
try {
tr.open();
client.login(KEY_SPACE, new AuthenticationRequest(credentials));
catch{...}
..
I get:
org.apache.thrift.TApplicationException: Internal error processing login
at
org.apache.thrift.TApplicationException.read(TApplicationException.java:108)
at
org.apache.cassandra.thrift.Cassandra$Client.recv_login(Cassandra.java:300)
at org.apache.cassandra.thrift.Cassandra$Client.login(Cassandra.java:282)
...
What I am doing wrong?
