Hi all,
We are trying to use MD5 encrypted passwords. Quick question first - Is
SHA-2 supported yet? US-CERT of the U. S. Department of Homeland Security
has said that MD5 "should be considered cryptographically broken and
unsuitable for further use”, and SHA-2 family of hash functions is
recommended.
The issue I'm seeing is that when I turn on MD5 encryption, I can't log into
the cluster from Cassandra-CLI (I get a login failure).
The cassandra.in.sh file has been changed as so:
JVM_OPTS="
-Dpasswd.properties=/home/ubuntu/apache-cassandra-0.8.0-beta1/conf/passwd.properties
\
-Daccess.properties=/home/ubuntu/apache-cassandra-0.8.0-beta1/conf/access.properties
\
-Dpasswd.mode=MD5"
And I ran this python script to generate a MD5 hash:
ubuntu@darknet:~$ python
Python 2.6.6 (r266:84292, Sep 15 2010, 15:52:39)
[GCC 4.4.5] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from hashlib import md5
>>> p = "nosql"
>>> h = md5(p).hexdigest()
>>> print h
9fa1b39e7eb877367213e6f7e37d0b01
Then I updated the passwd.properties file with the new hashed password:
jdoe=9fa1b39e7eb877367213e6f7e37d0b01
Also, the access.properties file is properly set so that jdoe has rw access
to the keyspace and CF:
MyKeyspace.<rw>=jdoe,jsmith
MyKeyspace.MyCF.<rw>=jsmith,jdoe
But when I try to connect to the cluster now, I'm getting a login failure. I
have tried a few different ways of connecting:
Ran this from the Cassandra CLI:
[default@unknown] connect ec2-50-19-26-189.compute-1.amazonaws.com/9160 jdoe
'9fa1b39e7eb877367213e6f7e37d0b01';
Login failure. Did you specify 'keyspace', 'username' and 'password'?
Ran these from the Ubuntu CLI:
ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$
bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u
jdoe -pw 9fa1b39e7eb877367213e6f7e37d0b01 -k MDR
Login failure. Did you specify 'keyspace', 'username' and 'password'?
ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$
bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u
jdoe -pw '9fa1b39e7eb877367213e6f7e37d0b01' -k MDR
Login failure. Did you specify 'keyspace', 'username' and 'password'?
Hmm, what am I doing wrong?
- Sameer
