Cassandra安全--密码认证

x33g5p2x  于2020-09-08 发布在 Cassandra  
字(1.0k)|赞(0)|评价(0)|浏览(746)

1 打开配置文件

vim cassandra.yaml

2 修改如下内容

authenticator: PasswordAuthenticator

3 重启Cassandra

cassandra -f

4 使用默认账户登录Cassandra

cqlsh -u cassandra -p cassandra

5 创建新的超级账户

CREATE ROLE busuanzi WITH SUPERUSER = true AND LOGIN = true AND PASSWORD = 'busuanzi.org';

6 退出Cassandra用户,并用新超级用户登录

exit
cqlsh -u busuanzi -p busuanzi.org

7 禁用默认的超级用户(因为默认用户是公开的账户密码所以禁用)

ALTER ROLE cassandra WITH SUPERUSER = false AND LOGIN = false;

之后可以根据新的用户名和密码登录Cassandra。
至于Cassandra远程连接相关配置请看下一节。

扩展内容:

1.如何在集群中更新密码验证配置(如果是单机版,忽略此步骤)

ALTER KEYSPACE system_auth WITH replication = {'class': 'NetworkTopologyStrategy', 'DC1': 3, 'DC2': 3};

2.如果遇到登录失败报错

cqlsh -u cassandra -p cassandra
Connection error: ('Unable to connect to any servers', {'127.0.0.1': AuthenticationFailed('Failed to authenticate to 127.0.0.1: Error from server: code=0100 [Bad credentials] message="Error during authentication of user cassandra : org.apache.cassandra.exceptions.UnavailableException: Cannot achieve consistency level QUORUM"',)})

单机版的更改成集群复制了,因为找不到节点,单机版登录会失败。需要将密码验证改回去,然后进入cqlsh

ALTER KEYSPACE system_auth WITH replication = { 'class' : 'SimpleStrategy', 'replication_factor' : 1 };

相关文章