5

I'm currently using the following configuration for Cassandra:

 authenticator: PasswordAuthenticator
 authorizer: org.apache.cassandra.auth.CassandraAuthorizer

My question is: How can I disable role management to use normal CQL system.permissions

The reason behind disabling roles as a whole, is because I'm unable to use create a new user while roleManagement is active:

 user@cqlsh> create user testuser with password '123';
 InvalidRequest: code=2200 [Invalid query] message="org.apache.cassandra.auth.CassandraRoleManager doesn't support PASSWORD"
Raedwald
  • 46,613
  • 43
  • 151
  • 237
Ted Huinink
  • 846
  • 1
  • 7
  • 14
  • Which authenticator are you using? From the docs, iAuthenticator does not support use of Passwords but PasswordAuthenticator should (regardless of using RoleManager) "Alternative IAuthenticator implementations may be used in conjunction with CassandraRoleManager, but WITH PASSWORD = 'password' will not be supported in CREATE/ALTER ROLE statements." – Alec Collier Aug 17 '15 at 23:51
  • Currently I'm using PasswordAuthenticator and CassandraAuthorizer in the configuration. While on one server everything regarding creating users is working fine. The server in question uses additional role tables such as system_auth.roles. While my other server does not (exactly the same yaml config file) and has no trouble basic features such as creating users with passwords. – Ted Huinink Aug 18 '15 at 14:08
  • Sorry, missed must have missed the bit about your authenticator in the question. Looking at the JIRA to add roles, https://issues.apache.org/jira/browse/CASSANDRA-7653 -- looks like CREATE USER is an alias for the CREATE ROLE command. Can you try with the command "CREATE ROLE testuser WITH PASSWORD '123' NOSUPERUSER LOGIN". See if that gives the same error. – Alec Collier Aug 18 '15 at 23:53
  • Thank you for your response. I have tried: user@cqlsh> CREATE ROLE testuser WITH PASSWORD = '123' AND SUPERUSER = true; InvalidRequest: code=2200 [Invalid query] message="org.apache.cassandra.auth.CassandraRoleManager doesn't support PASSWORD" – Ted Huinink Aug 19 '15 at 07:43
  • It pretty much gives a locked in feeling. I'm afraid users can't be created and the superadmin can't delete their own role without creating a new super user. I even manually resorted to deleting all the role tables on disk, but to no avail. – Ted Huinink Aug 19 '15 at 08:08

1 Answers1

6

I was getting the same issue. I modified cassandra.yaml file as below:

authenticator: org.apache.cassandra.auth.PasswordAuthenticator
authorizer: org.apache.cassandra.auth.CassandraAuthorizer

And restarted the node. It worked for me.

You can also check the following link

kinjelom
  • 6,105
  • 3
  • 35
  • 61
Anjali
  • 61
  • 1
  • 3