Authorization and authentication
By default, Cassandra is open to everyone who has access to Cassandra's node address and
ports. Since most of the time it's just your applications that access Cassandra and generally
the whole application ecosystem is heavily guarded (by VPN, VPC, and firewall), it may
not bother you that Cassandra has no security.
Cassandra 1.2.2 and higher provide an RDBMS-like authorization and authentication
mechanism that is a notable departure from the text file-based security before this
version. To enable security, all you need to do is change two settings in the
cassandra.yaml file: authenticator and authorizer. By default, they are set to
AllowAllAuthenticator and AllowAllAuthorizer, respectively. They work exactly as their
names suggest. Cassandra ships with PasswordAuthenticator as authenticator and
CassandraAuthorizer as authorizer. Setting them enables a MySQL-like authorization and
authentication system in Cassandra. For more details on working with Cassandra authn and
or want to hook it up with your existing security mechanism, you can implement
IAuthenticator for authentication and/or IAuthorizer for authorization.
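
An added example (not from the original text) of checking a cassandra.yaml for the two settings described above: it reports whether each one is still at the open default, set to the implementation shipped with Cassandra, or set to a custom class. The function names and the sample file are constructed for illustration, and a missing key is assumed to mean the default.

```python
import re

# Values the text names as Cassandra's defaults: no authentication, no authorization.
OPEN_DEFAULTS = {"authenticator": "AllowAllAuthenticator",
                 "authorizer": "AllowAllAuthorizer"}
# Implementations the text says ship with Cassandra.
BUILT_IN = {"authenticator": "PasswordAuthenticator",
            "authorizer": "CassandraAuthorizer"}
_KEY_LINE = re.compile(r"^(authenticator|authorizer)\s*:\s*(.*)$")

def read_auth_settings(yaml_text):
    """Return the top-level authenticator/authorizer values found in the text."""
    found = {}
    for line in yaml_text.splitlines():
        match = _KEY_LINE.match(line)   # anchored at column 0: top-level keys only
        if not match:
            continue                    # comments, indented keys, unrelated keys
        key, raw = match.groups()
        value = re.sub(r"(?:^|\s)#.*$", "", raw)   # drop a trailing comment
        found[key] = value.strip().strip("'\"")    # later duplicates override
    return found

def audit(yaml_text):
    """Map each setting to (status, class_name): open, built-in or custom."""
    found = read_auth_settings(yaml_text)
    report = {}
    for key, open_default in OPEN_DEFAULTS.items():
        # Assumption: a missing or empty key means the default described above.
        value = found.get(key) or open_default
        short = value.rsplit(".", 1)[-1]   # accept fully qualified class names
        if short == open_default:
            status = "open"
        elif short == BUILT_IN[key]:
            status = "built-in"
        else:
            status = "custom"   # e.g. an IAuthenticator/IAuthorizer implementation
        report[key] = (status, short)
    return report

# Constructed sample: authentication enabled, authorization left at the default.
SAMPLE = """\
cluster_name: 'Test Cluster'
# authenticator: AllowAllAuthenticator
authenticator: org.apache.cassandra.auth.PasswordAuthenticator  # changed
authorizer: AllowAllAuthorizer
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A result of "open" for either key means that half of the mechanism is still disabled; in the sample, users must log in, but any logged-in user is allowed to do anything.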
The default username and password for Cassandra is cassandra/cassandra. It is advised
that when you first log in, you create a new superuser, remove any permission from the
default user, and change the default password, because the default credentials are
publicly known. The details on