Use the plain text password via the cli, the server will make a hash and compare it to the one in the file.
wrt SHA-2 I'm not a security guy but MD5 is probably "good enough" for the problem of storing passwords in plain text in a file. Hope that helps. ----------------- Aaron Morton Freelance Cassandra Developer @aaronmorton http://www.thelastpickle.com On 17 May 2011, at 10:59, Sameer Farooqui wrote: > By the way, just noticed a typo in my email below. I'm using the correct > keyspace name in all locations on the cluster... however in my examples > below, I used MyKeyspace in some spots and MDR in other spots, but in the > cluster I'm specifying the same keyspace name everywhere, so that's not the > issue. > > - Sameer > > > On Mon, May 16, 2011 at 3:55 PM, Sameer Farooqui <cassandral...@gmail.com> > wrote: > Hi all, > > We are trying to use MD5 encrypted passwords. Quick question first - Is SHA-2 > supported yet? US-CERT of the U. S. Department of Homeland Security has said > that MD5 "should be considered cryptographically broken and unsuitable for > further use”, and SHA-2 family of hash functions is recommended. > > The issue I'm seeing is that when I turn on MD5 encryption, I can't log into > the cluster from Cassandra-CLI (I get a login failure). > > The cassandra.in.sh file has been changed as so: > > JVM_OPTS=" > > -Dpasswd.properties=/home/ubuntu/apache-cassandra-0.8.0-beta1/conf/passwd.properties > \ > > -Daccess.properties=/home/ubuntu/apache-cassandra-0.8.0-beta1/conf/access.properties > \ > -Dpasswd.mode=MD5" > > > And I ran this python script to generate a MD5 hash: > ubuntu@darknet:~$ python > Python 2.6.6 (r266:84292, Sep 15 2010, 15:52:39) > [GCC 4.4.5] on linux2 > Type "help", "copyright", "credits" or "license" for more information. > >>> from hashlib import md5 > >>> p = "nosql" > >>> h = md5(p).hexdigest() > >>> print h > 9fa1b39e7eb877367213e6f7e37d0b01 > > > Then I updated the passwd.properties file with the new hashed password: > jdoe=9fa1b39e7eb877367213e6f7e37d0b01 > > > Also, the access.properties file is properly set so that jdoe has rw access > to the keyspace and CF: > MyKeyspace.<rw>=jdoe,jsmith > MyKeyspace.MyCF.<rw>=jsmith,jdoe > > > But when I try to connect to the cluster now, I'm getting a login failure. I > have tried a few different ways of connecting: > > Ran this from the Cassandra CLI: > [default@unknown] connect ec2-50-19-26-189.compute-1.amazonaws.com/9160 jdoe > '9fa1b39e7eb877367213e6f7e37d0b01'; > Login failure. Did you specify 'keyspace', 'username' and 'password'? > > > Ran these from the Ubuntu CLI: > ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ > bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u jdoe > -pw 9fa1b39e7eb877367213e6f7e37d0b01 -k MDR > Login failure. Did you specify 'keyspace', 'username' and 'password'? > > > ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ > bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u jdoe > -pw '9fa1b39e7eb877367213e6f7e37d0b01' -k MDR > Login failure. Did you specify 'keyspace', 'username' and 'password'? > > > Hmm, what am I doing wrong? > > - Sameer > > >
