Opps, my bad... please ignore the email below. It actually works with the plain text password (I had forgotten to update the passwd.properties file on one node which was causing the login to fail).
Example of successful login: ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u jdoe -pw 'nosql' -k MDR Connected to: "Demo_Cluster_beta1" on ec2-50-19-26-189.compute-1.amazonaws.com/9160 Welcome to the Cassandra CLI. Would still be nice though to use the bcrypt hash over MD5 for stronger security. - Sameer On Tue, May 17, 2011 at 3:05 PM, Sameer Farooqui <cassandral...@gmail.com>wrote: > Hey Aaron, > > Unfortunately it fails with plaintext password also: > > ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ > bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u > jdoe -pw 'nosql' -k MDR Login failure. Did you specify 'keyspace', > 'username' and 'password'? > Welcome to the Cassandra CLI. > <quit CLI manually> > > ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ > bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u > jdoe -pw nosql -k MDR > Login failure. Did you specify 'keyspace', 'username' and 'password'? > Welcome to the Cassandra CLI. > <quit CLI manually> > > Regarding the security of MD5, I'm not a security guy either, but it seems > quiet easy to crack, especially for short passwords. > > This website was quickly able to decrypt my MD5 digest (which is honestly > not very complex) and give me the original plaintext: > http://md5.noisette.ch/index.php > > Longer list of MD5 rainbow table sites: > http://www.stottmeister.com/blog/2009/04/14/how-to-crack-md5-passwords/ > > Anyway, any help with the original question of how to input the password > the the Cassandra-CLI would be much appreciated! > > > - Sameer > > > > On Tue, May 17, 2011 at 1:03 PM, aaron morton <aa...@thelastpickle.com>wrote: > >> Use the plain text password via the cli, the server will make a hash and >> compare it to the one in the file. >> >> wrt SHA-2 I'm not a security guy but MD5 is probably "good enough" for the >> problem of storing passwords in plain text in a file. >> >> Hope that helps. >> >> ----------------- >> Aaron Morton >> Freelance Cassandra Developer >> @aaronmorton >> http://www.thelastpickle.com >> >> On 17 May 2011, at 10:59, Sameer Farooqui wrote: >> >> By the way, just noticed a typo in my email below. I'm using the correct >> keyspace name in all locations on the cluster... however in my examples >> below, I used MyKeyspace in some spots and MDR in other spots, but in the >> cluster I'm specifying the same keyspace name everywhere, so that's not the >> issue. >> >> - Sameer >> >> >> On Mon, May 16, 2011 at 3:55 PM, Sameer Farooqui <cassandral...@gmail.com >> > wrote: >> >>> Hi all, >>> >>> We are trying to use MD5 encrypted passwords. Quick question first - Is >>> SHA-2 supported yet? US-CERT of the U. S. Department of Homeland >>> Security has said that MD5 "should be considered cryptographically broken >>> and unsuitable for further use”, and SHA-2 family of hash functions is >>> recommended. >>> >>> The issue I'm seeing is that when I turn on MD5 encryption, I can't log >>> into the cluster from Cassandra-CLI (I get a login failure). >>> >>> The cassandra.in.sh file has been changed as so: >>> >>> JVM_OPTS=" >>> >>> -Dpasswd.properties=/home/ubuntu/apache-cassandra-0.8.0-beta1/conf/passwd.properties >>> \ >>> >>> -Daccess.properties=/home/ubuntu/apache-cassandra-0.8.0-beta1/conf/access.properties >>> \ >>> -Dpasswd.mode=MD5" >>> >>> >>> And I ran this python script to generate a MD5 hash: >>> ubuntu@darknet:~$ python >>> Python 2.6.6 (r266:84292, Sep 15 2010, 15:52:39) >>> [GCC 4.4.5] on linux2 >>> Type "help", "copyright", "credits" or "license" for more information. >>> >>> from hashlib import md5 >>> >>> p = "nosql" >>> >>> h = md5(p).hexdigest() >>> >>> print h >>> 9fa1b39e7eb877367213e6f7e37d0b01 >>> >>> >>> Then I updated the passwd.properties file with the new hashed password: >>> jdoe=9fa1b39e7eb877367213e6f7e37d0b01 >>> >>> >>> Also, the access.properties file is properly set so that jdoe has rw >>> access to the keyspace and CF: >>> MyKeyspace.<rw>=jdoe,jsmith >>> MyKeyspace.MyCF.<rw>=jsmith,jdoe >>> >>> >>> But when I try to connect to the cluster now, I'm getting a login >>> failure. I have tried a few different ways of connecting: >>> >>> Ran this from the Cassandra CLI: >>> [default@unknown] connect ec2-50-19-26-189.compute-1.amazonaws.com/9160jdoe >>> '9fa1b39e7eb877367213e6f7e37d0b01'; >>> Login failure. Did you specify 'keyspace', 'username' and 'password'? >>> >>> >>> Ran these from the Ubuntu CLI: >>> ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ >>> bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u >>> jdoe -pw 9fa1b39e7eb877367213e6f7e37d0b01 -k MDR >>> Login failure. Did you specify 'keyspace', 'username' and 'password'? >>> >>> >>> ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ >>> bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u >>> jdoe -pw '9fa1b39e7eb877367213e6f7e37d0b01' -k MDR >>> Login failure. Did you specify 'keyspace', 'username' and 'password'? >>> >>> >>> Hmm, what am I doing wrong? >>> >>> - Sameer >>> >>> >>> >> >> >
