If you need it create a ticket on https://issues.apache.org/jira/browse/CASSANDRA
Aaron ----------------- Aaron Morton Freelance Cassandra Developer @aaronmorton http://www.thelastpickle.com On 18 May 2011, at 10:52, Sameer Farooqui wrote: > Opps, my bad... please ignore the email below. It actually works with the > plain text password (I had forgotten to update the passwd.properties file on > one node which was causing the login to fail). > > Example of successful login: > ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ > bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u jdoe > -pw 'nosql' -k MDR Connected to: "Demo_Cluster_beta1" on > ec2-50-19-26-189.compute-1.amazonaws.com/9160 > Welcome to the Cassandra CLI. > > > Would still be nice though to use the bcrypt hash over MD5 for stronger > security. > > > - Sameer > > > On Tue, May 17, 2011 at 3:05 PM, Sameer Farooqui <cassandral...@gmail.com> > wrote: > Hey Aaron, > > Unfortunately it fails with plaintext password also: > > ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ > bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u jdoe > -pw 'nosql' -k MDR Login failure. Did you specify 'keyspace', 'username' and > 'password'? > Welcome to the Cassandra CLI. > <quit CLI manually> > > ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ > bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u jdoe > -pw nosql -k MDR > Login failure. Did you specify 'keyspace', 'username' and 'password'? > Welcome to the Cassandra CLI. > <quit CLI manually> > > Regarding the security of MD5, I'm not a security guy either, but it seems > quiet easy to crack, especially for short passwords. > > This website was quickly able to decrypt my MD5 digest (which is honestly not > very complex) and give me the original plaintext: > http://md5.noisette.ch/index.php > > Longer list of MD5 rainbow table sites: > http://www.stottmeister.com/blog/2009/04/14/how-to-crack-md5-passwords/ > > Anyway, any help with the original question of how to input the password the > the Cassandra-CLI would be much appreciated! > > > - Sameer > > > > On Tue, May 17, 2011 at 1:03 PM, aaron morton <aa...@thelastpickle.com> wrote: > Use the plain text password via the cli, the server will make a hash and > compare it to the one in the file. > > wrt SHA-2 I'm not a security guy but MD5 is probably "good enough" for the > problem of storing passwords in plain text in a file. > > Hope that helps. > > ----------------- > Aaron Morton > Freelance Cassandra Developer > @aaronmorton > http://www.thelastpickle.com > > On 17 May 2011, at 10:59, Sameer Farooqui wrote: > >> By the way, just noticed a typo in my email below. I'm using the correct >> keyspace name in all locations on the cluster... however in my examples >> below, I used MyKeyspace in some spots and MDR in other spots, but in the >> cluster I'm specifying the same keyspace name everywhere, so that's not the >> issue. >> >> - Sameer >> >> >> On Mon, May 16, 2011 at 3:55 PM, Sameer Farooqui <cassandral...@gmail.com> >> wrote: >> Hi all, >> >> We are trying to use MD5 encrypted passwords. Quick question first - Is >> SHA-2 supported yet? US-CERT of the U. S. Department of Homeland Security >> has said that MD5 "should be considered cryptographically broken and >> unsuitable for further use”, and SHA-2 family of hash functions is >> recommended. >> >> The issue I'm seeing is that when I turn on MD5 encryption, I can't log into >> the cluster from Cassandra-CLI (I get a login failure). >> >> The cassandra.in.sh file has been changed as so: >> >> JVM_OPTS=" >> >> -Dpasswd.properties=/home/ubuntu/apache-cassandra-0.8.0-beta1/conf/passwd.properties >> \ >> >> -Daccess.properties=/home/ubuntu/apache-cassandra-0.8.0-beta1/conf/access.properties >> \ >> -Dpasswd.mode=MD5" >> >> >> And I ran this python script to generate a MD5 hash: >> ubuntu@darknet:~$ python >> Python 2.6.6 (r266:84292, Sep 15 2010, 15:52:39) >> [GCC 4.4.5] on linux2 >> Type "help", "copyright", "credits" or "license" for more information. >> >>> from hashlib import md5 >> >>> p = "nosql" >> >>> h = md5(p).hexdigest() >> >>> print h >> 9fa1b39e7eb877367213e6f7e37d0b01 >> >> >> Then I updated the passwd.properties file with the new hashed password: >> jdoe=9fa1b39e7eb877367213e6f7e37d0b01 >> >> >> Also, the access.properties file is properly set so that jdoe has rw access >> to the keyspace and CF: >> MyKeyspace.<rw>=jdoe,jsmith >> MyKeyspace.MyCF.<rw>=jsmith,jdoe >> >> >> But when I try to connect to the cluster now, I'm getting a login failure. I >> have tried a few different ways of connecting: >> >> Ran this from the Cassandra CLI: >> [default@unknown] connect ec2-50-19-26-189.compute-1.amazonaws.com/9160 jdoe >> '9fa1b39e7eb877367213e6f7e37d0b01'; >> Login failure. Did you specify 'keyspace', 'username' and 'password'? >> >> >> Ran these from the Ubuntu CLI: >> ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ >> bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u >> jdoe -pw 9fa1b39e7eb877367213e6f7e37d0b01 -k MDR >> Login failure. Did you specify 'keyspace', 'username' and 'password'? >> >> >> ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ >> bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u >> jdoe -pw '9fa1b39e7eb877367213e6f7e37d0b01' -k MDR >> Login failure. Did you specify 'keyspace', 'username' and 'password'? >> >> >> Hmm, what am I doing wrong? >> >> - Sameer >> >> >> > > >
