[jira] [Updated] (CASSANDRA-12525) When adding new nodes to a cluster which has authentication enabled, we end up losing cassandra user's current crendentials and they get reverted back to default cassandra/cassandra crendetials

Tue, 06 Dec 2022 05:39:03 -0800 


     [ 
https://issues.apache.org/jira/browse/CASSANDRA-12525?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Stefan Miklosovic updated CASSANDRA-12525:
------------------------------------------
    Test and Documentation Plan: clean CI and passed added test + manual test  
(was: https://github.com/apache/cassandra/pull/2033)

> When adding new nodes to a cluster which has authentication enabled, we end 
> up losing cassandra user's current crendentials and they get reverted back to 
> default cassandra/cassandra crendetials
> -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: CASSANDRA-12525
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-12525
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Cluster/Schema, Local/Config
>            Reporter: Atin Sood
>            Assignee: German Eichberger
>            Priority: Normal
>             Fix For: 3.0.x, 3.11.x, 4.0.x, 4.1.x, 4.x
>
>          Time Spent: 2h 40m
>  Remaining Estimate: 0h
>
> Made the following observation:
> When adding new nodes to an existing C* cluster with authentication enabled 
> we end up loosing password information about `cassandra` user. 
> Initial Setup
> - Create a 5 node cluster with system_auth having RF=5 and 
> NetworkTopologyStrategy
> - Enable PasswordAuthenticator on this cluster and update the password for 
> 'cassandra' user to say 'password' via the alter query
> - Make sure you run nodetool repair on all the nodes
> Test case
> - Now go ahead and add 5 more nodes to this cluster.
> - Run nodetool repair on all the 10 nodes now
> - Decommission the original 5 nodes such that only the new 5 nodes are in the 
> cluster now
> - Run cqlsh and try to connect to this cluster using old user name and 
> password, cassandra/password
> I was unable to connect to the nodes with the original credentials and was 
> only able to connect using the default cassandra/cassandra credentials
> From the conversation over IIRC
> `beobal: sood: that definitely shouldn't happen. The new nodes should only 
> create the default superuser role if there are 0 roles currently defined 
> (including that default one)`



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

Reply via email to