Category Archives: Cassandra

How do you create the first user in Cassandra DB

title: “How do you create the first user in Cassandra DB”
date: 2016-09-27T08:06:01
slug: how-do-you-create-the-first-user-in-cassandra-db

You need to enable PasswordAuthenticator in cassandra.yaml file. To enable PasswordAuthenticator you need to change authenticator property in cassandra.yaml

Change

authenticator: AllowAllAuthenticator

to

authenticator: PasswordAuthenticator

After that login with following command and then you will be able to add new user

cqlsh -u cassandra -p cassandra

Once you get in, your first task should be to create another super user account.

CREATE USER dba WITH PASSWORD 'bacon' SUPERUSER;

Next, it is a really good idea to set the current Cassandra super user’s password to something else…preferably something long and incomprehensible. With your new super user, you shouldn’t need the default Cassandra account again.

ALTER USER cassandra WITH PASSWORD 'dfsso67347mething54747long67a7ndincom4574prehensi

reset Cassandra superuser password

title: “reset Cassandra superuser password”
date: 2016-09-27T08:03:37
slug: reset-cassandra-superuser-password

Turn off authorisation and authentication :

edit cassandra.yaml and set the following:

authenticator: AllowAllAuthenticator
authorizer: AllowAllAuthorizer

bounce cassandra

service cassandra restart

Fire up the cli

cqlsh

At this point you need to identify you superusers. If you were a good girl/boy, you would have set up a fresh superuser and dumped the default cassandra user.

list users;

 name | super
-----------+-------
 cassandra | False
 myadmin | True

As you can see, I’ve taken super privs away from the default superuser cassandra and created my own called myadmin as per the recommendations of the docs.

Now, depending on how many nodes and data centers you have, the system_auth keyspace is likely to be replicated on other nodes and specifically the credentials column family. You need to manually update this table to get back into shape, as this saves you the hassle of having to visit all nodes in your cluster and reset authentication as above.

Type in the following:

update system\_auth.credentials set salted\_hash='$2a$10$vbfmLdkQdUz3Rmw.fF7Ygu6GuphqHndpJKTvElqAciUJ4SZ3pwquu' where username='myadmin' ;

Revert the cassandra.yaml:

authenticator: PasswordAuthenticator
authorizer: CassandraAuthorizer

and restart

service cassandra restart

Now you can log in with:

cqlsh -u myadmin -p cassandra

Once logged, reset your password to something less obvious.