[
https://issues.apache.org/jira/browse/CASSANDRA-12525?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17656032#comment-17656032
]
Stefan Miklosovic commented on CASSANDRA-12525:
-----------------------------------------------
Hi [~xgerman42] ,
thanks for being so persistent!
I have checked your latest changes and the test is not doing what I was
mentioning in my last comment. My suggestion was:
* start the first node (done)
* change the password (not done)
* partition the network (done)
* start the second node (done)
* check that it created the default role (not done)
* "unpartition" the network (not done)
* repair the second node (not done)
* you should be able to connect to the second node with the changed password
(not done)
Doing CQL against a node can be done through Cassandra Java driver (logging in,
changing password ...). Repairing of the node can be done via nodetool. There
is "nodetool" method on IInstance you get from calling cluster.get like
"cluster.get(2).nodetool("repair")". You got the idea.
Do you plan to finish this or do you have any other idea how how to test this
differently? I humbly think the approach I outlined is the most comprehensive
in order to mimic the real-world usage here.
Thanks
> When adding new nodes to a cluster which has authentication enabled, we end
> up losing cassandra user's current crendentials and they get reverted back to
> default cassandra/cassandra crendetials
> -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: CASSANDRA-12525
> URL: https://issues.apache.org/jira/browse/CASSANDRA-12525
> Project: Cassandra
> Issue Type: Bug
> Components: Cluster/Schema, Local/Config
> Reporter: Atin Sood
> Assignee: German Eichberger
> Priority: Normal
> Fix For: 3.0.x, 3.11.x, 4.0.x, 4.1.x, 4.x
>
> Time Spent: 2h 40m
> Remaining Estimate: 0h
>
> Made the following observation:
> When adding new nodes to an existing C* cluster with authentication enabled
> we end up loosing password information about `cassandra` user.
> Initial Setup
> - Create a 5 node cluster with system_auth having RF=5 and
> NetworkTopologyStrategy
> - Enable PasswordAuthenticator on this cluster and update the password for
> 'cassandra' user to say 'password' via the alter query
> - Make sure you run nodetool repair on all the nodes
> Test case
> - Now go ahead and add 5 more nodes to this cluster.
> - Run nodetool repair on all the 10 nodes now
> - Decommission the original 5 nodes such that only the new 5 nodes are in the
> cluster now
> - Run cqlsh and try to connect to this cluster using old user name and
> password, cassandra/password
> I was unable to connect to the nodes with the original credentials and was
> only able to connect using the default cassandra/cassandra credentials
> From the conversation over IIRC
> `beobal: sood: that definitely shouldn't happen. The new nodes should only
> create the default superuser role if there are 0 roles currently defined
> (including that default one)`
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
