You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by Apache Wiki <wi...@apache.org> on 2011/10/27 03:11:29 UTC
[Cassandra Wiki] Update of "SimpleAuthenticator" by DaveBrosius
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Cassandra Wiki" for change notification.
The "SimpleAuthenticator" page has been changed by DaveBrosius:
http://wiki.apache.org/cassandra/SimpleAuthenticator?action=diff&rev1=1&rev2=2
Comment:
update to how the SimpleAuthenticator works in 1.0.0
- SimpleAuthenticator is a authenticator provided with Cassandra.
+ Cassandra uses a simple and pluggable authentication and authorization model using the
+ supplied interfaces:
+
+ {{{
+ org.apache.cassandra.auth.IAuthenticator.java
+ org.apache.cassandra.auth.IAuthority.java
+ }}}
+
+ Out of the box Cassandra ships with a promiscuous implementation that allows all access to all
+ users without the need to log in. If you want to increase the security beyond this you are free to
+ implement the above interfaces to provide whatever security mechanisms you like.
+
+ In the source distribution there is a simple example of authentication and authorization based
+ on entries in properties files. This implementation is not provided with the binary distribution
+ as it may not provide a level of security that is adequate for your needs. However, you can use
+ these examples for your own implementations. This example is found in the examples directory, in the
+ package
+
+ {{{
+ org.apache.cassandra.auth.SimpleAuthenticator.java
+ }}}
+
+ To use this implementation, move the classes to the cassandra source tree, and recompile the jars
+ with their inclusion. Then move the example property files
+ {{{
+ access.properties
+ passwd.properties
+ }}}
+ to your conf directory. You can refer to these files for the format needed by the SimpleAuthenticator class.
+
You enable it by adding
{{{
- <Authenticator>org.apache.cassandra.auth.SimpleAuthenticator</Authenticator>
+ authenticator: org.apache.cassandra.auth.SimpleAuthenticator
+ authority: org.apache.cassandra.auth.SimpleAuthority
}}}
- in conf/storage-conf.xml. If no <Authenticator> is specified, the default
- is org.apache.cassandra.auth.AllowAllAuthenticator
+ in conf/cassandra.yaml
+ If no <Authenticator> is specified, the default is org.apache.cassandra.auth.AllowAllAuthenticator
If you use SimpleAuthenticator you should also update
bin/cassandra.in.sh to specify additional properties which point to the
location of your authentication files.
Add the following to the JVM_OPTS (e.g. before the -Dcom.sun.management.jmxremote.port setting):
{{{
- -Dpasswd.properties=/usr/local/apache-cassandra-0.6.6/conf/passwd.properties \
+ -Dpasswd.properties=/usr/local/apache-cassandra-1.0.0/conf/passwd.properties \
- -Daccess.properties=/usr/local/apache-cassandra-0.6.6/conf/access.properties \
+ -Daccess.properties=/usr/local/apache-cassandra-1.0.0/conf/access.properties \
}}}
(Alter the paths to the configuration files depending on where placed the files.)
- See the sample passwd.properties and access.properties files in the conf directory.
-