does this help? Links at the bottom show the cql statements to add/modify users: http://www.datastax.com/docs/1.2/security/native_authentication
On Feb 26, 2013, at 4:06 PM, C.F.Scheidecker Antunes <cf.antu...@gmail.com> wrote: > Hello all, > > Cassandra has changed and now has a default authentication and authorization > mechanism. > > The classes org.apache.cassandra.auth.PasswordAuthenticator (authenticator) > and > org.apache.cassandra.auth.CassandraAuthorizer (authorization) provide that. > > They both write to a keyspace called system_auth and there are 2 column > families > that are used for it, namely credentials and permissions. > > The permissions table is defined in CassandraAuthorizer as follows: > > "CREATE TABLE system_auth.permissions (username text, > resource text, > permissions set<text>, > PRIMARY KEY(username, resource) > ) WITH gc_grace_seconds=(90 * 24 * 60 * 60)" > // 3 months > > The credentials table is created in PasswordAuthenticator as follows: > > "CREATE TABLE system_auth.credentials (username text, > salted_hash text, // salt + hash + > number of rounds > options map<text,text>, // for future > extensions > PRIMARY KEY(username) > ) WITH gc_grace_seconds=(90 * 24 * 60 > * 60)" // 3 months > > > The password is hashed as BCrypt.hashpw(password, > BCrypt.gensalt(GENSALT_LOG2_ROUNDS)); where > > GENSALT_LOG2_ROUNDS is set to 10. > > > Out of the box, the keyspace system_auth is there but the CFs are not defined > when one issues a describe system_auth inside > cassandra-cli application. > > The configuration file says: > > PasswordAuthenticator relies on username/password pairs to authenticate > users. It keeps usernames and hashed passwords in system_auth.credentials > table. > Please increase system_auth keyspace replication factor if you use this > authenticator. > > On the configuration file /etc/cassandra/cassandra.yaml I have set: > > authenticator: org.apache.cassandra.auth.PasswordAuthenticator > authorizer: org.apache.cassandra.auth.CassandraAuthorizer > > Therefore I have 3 questions. > > 1) How can I increase the replication factor if the keyspace system_auth is > already there? Can I do this? > Currently the replication factor is 1: > [cassandra@system_auth] describe; > Keyspace: system_auth: > Replication Strategy: org.apache.cassandra.locator.SimpleStrategy > Durable Writes: true > Options: [replication_factor:1] > Column Families: > > 2) Shall I create the CFs credentials and permissions via cassandra-cli as > well? > If I issue a select command from cqlsh I can see: > > cqlsh:system_auth> SELECT * FROM credentials; > > username | options | salted_hash > -----------+---------+-------------------------------------------------------------- > cassandra | null | > > Eventhough there is no credentials CF defined on the schema yet. > > 3) What is the process of adding more users? Shall I do via cassandra-cli and > or cqlsh? How shall I specify the read and write privileges as well > as the keyspaces for which it has writes? > Something like this: > OpsCenter.<rw>=carlos > system.<rw>=carlos > system_traces.<rw>=carlos > nando.<rw>=carlos >