You can build a jar from the SimpleAuthenticator and SimpleAuthority
classes found in the examples.
Then put the jar on the classpath of the cassandra, nicest way is to
modify the startup script:
put an s with options on line 148 in bin/cassandra:
args=`getopt vfhp:bD: "$@"`
becomes (note the added s)
args=`getopt vfhsp:bD: "$@"`
and add the -s case in the switch statement (line 173 for example) below
with these lines (do enter the right location to the jar, possibly put
it in the cassandra lib and find out the proper var):
-s)
CLASSPATH="$CLASSPATH:/home/peterd/workspaces/uno/CassandraAuthenticator/CassandraSecure.jar"
properties="$properties
-Dpasswd.properties=$CASSANDRA_CONF/passwd.properties
-Daccess.properties=$CASSANDRA_CONF/access.properties"
shift
;;
Then create the access.properties file and passwd.properties file in
your cassandra config directory
passwd.properties ahs the format
jsmith=pass
and access.properties has format:
<modify-keyspaces>=jsmith
Keyspace1.<ro>=jsmith,Elvis Presley
Keyspace1.Standard1.<rw>=jsmith,Elvis Presley,dilbert
which are all self-explanatory I guess.
Good luck!
Peter Dijkshoorn
Adyen - Payments Made Easy
www.adyen.com
Visiting address: Mail Address:
Simon Carmiggeltstraat 6-50 P.O. Box 10095
1011 DJ Amsterdam 1001 EB Amsterdam
The Netherlands The Netherlands
Office +31.20.240.1240
Email peter.dijksho...@adyen.com
On 06/29/2012 06:58 AM, Mohit Anchlia wrote:
>
> Sent from my iPad
>
> On Jun 28, 2012, at 8:45 AM, Christof Bornhoevd <cbornho...@gmail.com> wrote:
>
>> Hi,
>>
>> we are using Cassandra v1.0.8 with Hector v1.0-5 and would like to move our
>> current system to an operational setting based on Amazon AWS. What are best
>> practices for addessing security for Cassandra on AWS. Besides Security
>> Groups in AWS how is Cassandra Client to Cluster authentication handled
>> best? There used to be a SimpleAuthenticator that has been moved to Examples.
>>
>> Any recommendations/experiences that you could share? Any hints and guidance
>> is higly appreciated.
>>
> Cassandra doesn't provide any security features so far. We wrote our own
> pluggable authoz and authn that plugs into ldap. You might want to right
> something of your own that plugs in was auto
>> Cheers and thanks a lot for any kind help!
>> Christof
