Configuring internal authentication and authorization for use is straightforward: edit cassandra.yaml and uncomment (or set) the two configuration parameters that control them, authenticator and authorizer. The examples shown throughout this article are those used with DataStax Enterprise, but the same general facts apply to open source Cassandra as well; the one difference is the package the classes live in, org.apache.cassandra.auth in open source Cassandra versus com.datastax.bdp.cassandra.auth in DSE. As an aside, the Cassandra-based authentication and authorization are just one possible implementation of these types of security enforcement; you have the flexibility to create or use others if you'd like. You also have the option of using authentication without authorization if you choose.
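The following shell script is an added example, not code from the original article or from DataStax. It rewrites the two cassandra.yaml parameters on one node from the shipped "allow everything" classes to the internal password authenticator and authorizer, and then audits the result so that a silent no-op (cluster still wide open) cannot slip through. The class names are the open source ones; on DSE the same two parameters take the com.datastax.bdp.cassandra.auth equivalents. The sample cassandra.yaml fragment used in the usage line is constructed for the example and assumes the file ends with a newline.

```shell
#!/bin/sh
# Added example (not from the original article): move a node's cassandra.yaml from
# AllowAll* to Cassandra's internal password authentication and authorization,
# then verify the change. Open source class names assumed; DSE uses the
# com.datastax.bdp.cassandra.auth package for the same two settings.

# current_setting FILE PARAM
# Prints the active value of PARAM (authenticator or authorizer); a commented-out
# line does not count. Returns 1 when the parameter is not set at all.
current_setting() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 | grep .
}

# audit_auth FILE
# Returns 0 only when neither parameter still resolves to an AllowAll* class;
# otherwise names the offending parameter on stderr and returns 1.
audit_auth() {
    rc=0
    for p in authenticator authorizer; do
        if v=$(current_setting "$1" "$p"); then
            case $v in
                *AllowAll*) echo "$p: still $v (cluster is open)" >&2; rc=1 ;;
            esac
        else
            echo "$p: not set in $1" >&2; rc=1
        fi
    done
    return $rc
}

# enable_internal_auth FILE
# Drops every active or commented-out occurrence of the two parameters and
# appends exactly one hardened line for each, so the YAML never ends up with a
# duplicate key. The edit is only accepted if the audit passes afterwards.
enable_internal_auth() {
    f=$1
    sed -e '/^#*[[:space:]]*authenticator:/d' \
        -e '/^#*[[:space:]]*authorizer:/d' "$f" > "$f.tmp" || return 1
    printf '%s\n%s\n' \
        'authenticator: org.apache.cassandra.auth.PasswordAuthenticator' \
        'authorizer: org.apache.cassandra.auth.CassandraAuthorizer' >> "$f.tmp" || return 1
    mv "$f.tmp" "$f" || return 1
    audit_auth "$f"
}

# Usage: sh enable_auth.sh /etc/cassandra/cassandra.yaml (then restart the node).
[ $# -eq 0 ] || enable_internal_auth "$1"
```

The change takes effect only after the node is restarted, and it must be made on every node in the cluster. Once PasswordAuthenticator is active, credentials are stored in the system_auth keyspace; its replication factor is 1 by default, which is worth raising on a multi-node cluster before relying on it for logins.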
When internal authentication is first enabled, Cassandra creates a default superuser account named cassandra, whose password is also cassandra. This account allows a user to perform any action on the database cluster and to create new login accounts.
Change that password from the default right away: until you do, anyone who can reach the cluster's client port has full control of it.
An example of logging in and altering the default password for the cassandra superuser is shown below. To avoid having to pass a user ID and password every time you log in with the cqlsh utility, a .cqlshrc file can be created in the user's home directory (~/.cqlshrc). Because that file holds the password in cleartext, it should be readable only by its owner.
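The script below is an added example, not code from the original article or from DataStax. It builds the ALTER USER statement that rotates the cassandra superuser's password (refusing to keep the shipped default and escaping quotes so the new password cannot break the CQL literal), pipes it through cqlsh using the default credentials one last time, and writes a ~/.cqlshrc with owner-only permissions so later logins need no -u/-p on the command line, where they would be visible in shell history and process listings. The host address, the new password and the directory argument are placeholders chosen for the example, and the [authentication] section layout is the one cqlsh reads.

```shell
#!/bin/sh
# Added example (not from the original article): rotate the default "cassandra"
# superuser password and set up a ~/.cqlshrc for password-less cqlsh logins.
# Host, password and directory values below are placeholders, not the article's.

# rotate_superuser_cql NEWPASS
# Prints the ALTER USER statement. Refuses an empty password or the shipped
# default, and doubles single quotes so the password cannot escape the literal.
rotate_superuser_cql() {
    newpass=$1
    if [ -z "$newpass" ] || [ "$newpass" = "cassandra" ]; then
        echo "refusing to keep the default superuser password" >&2
        return 1
    fi
    escaped=$(printf '%s' "$newpass" | sed "s/'/''/g")
    printf "ALTER USER cassandra WITH PASSWORD '%s';\n" "$escaped"
}

# rotate_superuser_password HOST NEWPASS
# Logs in with the default cassandra/cassandra credentials and changes them.
# This one actually runs cqlsh, so it is only meaningful against a live node.
rotate_superuser_password() {
    rotate_superuser_cql "$2" | cqlsh -u cassandra -p cassandra "$1"
}

# write_cqlshrc USER PASS [HOST] [DIR]
# Writes DIR/.cqlshrc (DIR defaults to $HOME) so that "cqlsh" alone logs in.
# The file is created under umask 077 and then chmod 600, because it stores the
# password in cleartext.
write_cqlshrc() {
    user=$1; pass=$2; host=${3:-127.0.0.1}; dir=${4:-$HOME}
    rc="$dir/.cqlshrc"
    (
        umask 077
        cat > "$rc" <<EOF
[authentication]
username = $user
password = $pass

[connection]
hostname = $host
EOF
    ) || return 1
    chmod 600 "$rc"
}

# Usage (against a live cluster, placeholders shown):
#   rotate_superuser_password 10.0.0.5 'Str0ng'"'"'Pass'
#   write_cqlshrc cassandra 'Str0ng'"'"'Pass' 10.0.0.5
#   cqlsh 10.0.0.5        # no -u/-p needed from now on
```

Once the default password has been rotated, the same ALTER USER statement is the way to rotate it again later, and the .cqlshrc file should be updated at the same time; if the two drift apart, cqlsh will simply fail to authenticate rather than fall back to the old password.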
Security has been a notable weakness in nearly every NoSQL database, a fact that was highlighted in a 2012 InformationWeek special report entitled "Why NoSQL Equals No Security." Recognizing that a comprehensive security framework is needed for NoSQL, and due to very high demand from both customers and the open source community, we decided to make security one of the key areas of focus for version 3.0 of DataStax Enterprise and Cassandra.
This article will concentrate on the new internal authentication and authorization (or permission management) features that are part of both open source Cassandra and DataStax Enterprise.
Authentication deals with validating incoming user connections to a database cluster, whereas authorization concerns itself with what a logged in user can do inside a database.
For more information on both of these, see our Apache Cassandra online docs.
Internal authentication means that user login accounts and their passwords are created and managed inside Cassandra itself.
Another way of controlling authentication is through external security software such as Kerberos or LDAP.
External authentication is supported by Data Stax Enterprise (DSE) whereas internal authentication is supported both by DSE and open source Cassandra.
Built-in Cassandra-based internal authentication and authorization is not enabled by default: a fresh install uses AllowAllAuthenticator and AllowAllAuthorizer, which accept every connection and permit every operation.