If you're able to configure your clients so that they don't send requests
to 1 node in the cluster you can enable PasswordAuthenticator &
CassandraAuthorizer on that node only and use cqlsh to setup all your users
& permissions. The rest of the cluster will continue to serve client
requests as norm
Cassandra 1.2.19
We would like to turn on Cassandra's internal security (PasswordAuthenticator
and CassandraAuthorizer) on the ring (away from AllowAll). (Clients are already
passing credentials in their connections.) However, I know all nodes have to be
switched to those before the basic secur