A few days ago I was about to upgrade Cassandra cluster from 1.1.0 (+ Authentication patch I wrote) to 1.1.6, but – a bit surprisingly – I realized that something is wrong with new Cassandra. I had no problems with creating keyspaces before, as I set proper modify-keyspaces property in access.properties, but after the upgrade it stopped to work. After a short investigation I found out that there were some significant changes in Cassandra’s Permission system which broke SimpleAuthenticator. This article is about how to make it work again.
Few days ago I had some doubts on how Cassandra’s SimpleAuthenticator and SimpleAuthority really work. I mean – I was not sure of the way I should configure them to get the expected results. It may seem obvious now, but I had to look at source code to find out what is possible and what is not. So, to save your time, here’s a brief description of this.
Today I was asked to set up user authentication in Cassandra, so we could stop using the “default” user with unrestricted access only. I have to say that I was really surprised when I noticed that there’s NO out-of-the-box authentication and authorization framework in it. Luckily, it can be easily enabled in a few steps which I’m going to show you.
One important thing – SimpleAuthenticator we’re going to use is in the “examples” directory of Cassandra package. It’s because it is considered to be very simple and not very safe (it was even called a “toy” in one of Cassandra’s Jira tasks), so DO NOT rely on it as on a serious protection tool for your system. However it still fits many requirements (i.e. you don’t want user to make a mess in a Column Family he doesn’t need to work on) so you may find it useful. You have been warned.