Role-based authentication
Enable role-based authentication on the business cluster with the following steps:
Modify the authentication option in the cassandra.yaml file: change the value of authenticator to PasswordAuthenticator. This option makes a role name and password mandatory for access to the cluster.
Restart the database.
Change the replication factor of the system_auth keyspace:
High-risk default value: by default, the keyspace that holds the roles and permissions has only one copy of its data and no replicas, so losing the node that holds that copy makes the roles and permissions unavailable.
Solution:
I increased the number of copies by modifying the value of the REPLICATION field of the system_auth table.
1: Log in to cqlsh.
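2: Alter the replication of the system keyspace system_auth, which stores the roles.
Configuration command reference (data_center_name is the name of a datacenter and N is its number of copies):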
ALTER KEYSPACE system_auth
WITH REPLICATION= {'class':'NetworkTopologyStrategy',
'data_center_name': N,
'data_center_name': N};
Actual configuration example:
My cluster only has dc1, and I configure 3 copies for DC1:
ALTER KEYSPACE system_auth
WITH REPLICATION= {'class':'NetworkTopologyStrategy',
'dc1': 3};
Run a full repair of system_auth with nodetool:
nodetool repair --full system_auth
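To confirm that both changes took effect, the shell functions below check the authenticator value in a cassandra.yaml and flag any system_auth replication entry with fewer than two copies. This is an added example, not part of the original post: the function names and sample inputs are constructed, and the replication map is assumed to come from a query on system_schema.keyspaces (Cassandra 3.0 and later).

```shell
#!/bin/sh
# Added example: audit the two settings changed above. All inputs are constructed.

# Print the authenticator set in the cassandra.yaml given as $1 and succeed
# only if it is PasswordAuthenticator (a fully qualified class name is accepted).
check_authenticator() {
    value=$(sed -n 's/^authenticator:[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*#.*$//' | tr -d "\"'" | tail -n 1)
    value=${value##*.}
    echo "${value:-unset}"
    [ "$value" = "PasswordAuthenticator" ]
}

# $1: output of the cqlsh query
#   SELECT replication FROM system_schema.keyspaces
#   WHERE keyspace_name = 'system_auth';
# $2: minimum copies wanted (default 2, i.e. more than a single copy).
# Prints every entry below the minimum and succeeds only if there is none.
weak_replication() {
    weak=$(printf '%s\n' "$1" | sed -n 's/^[^{]*{\([^}]*\)}.*$/\1/p' |
        tr -d "' " | tr ',' '\n' |
        awk -F: -v min="${2:-2}" \
            '$1 != "class" && $2 + 0 < min { printf "%s=%s ", $1, $2 }')
    echo "${weak% }"
    [ -z "$weak" ]
}

# Constructed samples: a stock configuration and the one this page ends with.
DEFAULT_MAP="{'class': 'org.apache.cassandra.locator.SimpleStrategy', 'replication_factor': '1'}"
FIXED_MAP="{'class': 'org.apache.cassandra.locator.NetworkTopologyStrategy', 'dc1': '3'}"

yaml=$(mktemp)
printf 'cluster_name: demo\nauthenticator: AllowAllAuthenticator\n' > "$yaml"
check_authenticator "$yaml" >/dev/null || echo "FAIL: password authentication is off"
printf 'cluster_name: demo\nauthenticator: PasswordAuthenticator\n' > "$yaml"
check_authenticator "$yaml" >/dev/null && echo "OK: PasswordAuthenticator"
rm -f "$yaml"

weak_replication "$DEFAULT_MAP" >/dev/null || echo "FAIL: system_auth has a single copy"
weak_replication "$FIXED_MAP" >/dev/null && echo "OK: system_auth is replicated"
```

On a live node, pass the real cassandra.yaml path to check_authenticator and the output of the cqlsh query to weak_replication.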
Reference documents:
https://docs.datastax.com/en/security/5.1/security/secSystemKeyspace.html
https://www.ibm.com/developerworks/cn/opensource/os-cn-apache-cassandra3x5/index.html