Database Reference
In-Depth Information
Enabling authentication and authorization
By default, Cassandra does not require user authentication when clients connect to the
cluster, and it also does not place any restriction on the ability of clients to perform opera-
tions on the database. To change this, we will need to make a couple of minor modifica-
tions to our Cassandra instance's configuration file. Since modifications to the configura-
tion file are typically a concern of deployment engineers, we haven't interacted with it in
this topic, so you may be wondering where to find it. Where it's located depends on your
platform; the table below assumes you installed Cassandra using the instructions for your
platform in the
Installing Cassandra
section of
Chapter 1
,
Getting Up and Running with
Cassandra
. The following table gives you the location of the
cassandra.yaml
file on
the respective platforms.
Platform
Configuration file location
Mac OS X
/usr/local/etc/cassandra/cassandra.yaml
Ubuntu
/etc/cassandra/cassandra.yaml
Windows
C:\Program Files\DataStax Community\apache-cassandra\conf\cassandra.yaml
You will need to make two changes to the
cassandra.yaml
file. First, find the line that
begins with
authenticator:
and change it to:
authenticator: PasswordAuthenticator
This change tells Cassandra to require a username and password when clients connect to
the cluster. It does not, however, restrict access based on which user is logged in; to do that,
we'll need to enable authorization. Find the line beginning with
authorizer:
and
change it to:
authorizer: CassandraAuthorizer
Now our cluster will restrict the access of the logged in user based on the permissions that
user has been granted. You will need to restart your Cassandra instance for the settings to
take effect.
