I’m using the default ones, the commented parts are the one I use when I try the PasswordAuthenticator :) (line 19 to 24)
> Le 18 juil. 2018 à 08:51, Horia Mocioi <horia.moc...@ericsson.com> a écrit : > > If this is the file that you are currently using...he first things that > I see is that you do not have any authenticator and role_manager: > > https://github.com/apache/cassandra/blob/1d506f9d09c880ff2b2693e3e27fa5 > 8c02ecf398/conf/cassandra.yaml#L103 > > https://github.com/apache/cassandra/blob/1d506f9d09c880ff2b2693e3e27fa5 > 8c02ecf398/conf/cassandra.yaml#L123 > > On ons, 2018-07-18 at 08:33 +0200, Thomas Lété wrote: >> Unfortunately, I’m not a java dev so I’m not able to create an >> authenticator… >> >> I don’t like to do that usually but I share with you a gist of the >> config, it was generated by OpsCenter when it was free, I just >> updated it for Cassandra >= 3… Maybe you will see something : >> >> https://gist.github.com/bistory/ececc0bef7627f39a21e4e8f0c8d841c >> >>> Le 18 juil. 2018 à 00:28, Horia Mocioi <horia.moc...@ericsson.com> >>> a écrit : >>> >>> Cassandra allows to use custom authenticators so I would create a >>> CustomPasswordAuthenticator. This would be a copy of the existing >>> PasswordAuthenticator. I would add several debugging info like: >>> provided username and password, the output of the checkpw function, >>> what cql statement is executed etc (any other info that would help >>> me to understand what is being executed in the authenticator). >>> From: Thomas Lété <thomas.l...@soprism.com> >>> Sent: Tuesday, July 17, 2018 5:24:39 PM >>> To: user@cassandra.apache.org >>> Subject: Re: System auth empty, how to populate it >>> >>> Thanks for your reply, >>> >>> - I have not defined role_manager in the config >>> - I dropped the users table, it was present in the keyspace >>> - Cassandra then created a record in the roles table, yay ! >>> >>> But when I do clash -u cassandra -p cassandra >>> >>> => Invalid credentials supplied. >>> Authentication error on host xxxxxx: Provided username cassandra >>> and/or password are incorrect >>> >>> I already repaired system_auth a few times, nothing help... >>> >>>> Le 17 juil. 2018 à 16:47, Sam Tunnicliffe <s...@beobal.com> a >>>> écrit : >>>> >>>> The default superuser is only created at startup if 3 conditions >>>> are met: >>>> >>>> i) The default role manager is configured. In cassandra.yaml, you >>>> should see "role_manager: CassandraRoleManager". This is also the >>>> default value, so unless you're explicitly using a custom role >>>> manager it should be good. >>>> ii) The system_auth.users table (legacy, pre-2.2) should not be >>>> present. Present means present in the schema, not on disk. Unlike >>>> most system tables, this table is droppable (in fact this is a >>>> necessary step in upgrading from earlier versions). >>>> iii) There should be no preexisting roles present in the >>>> system_auth.roles table. This is verified with a regular query, >>>> so you must either use CQL to delete existing roles, or remove >>>> the data directories and commit logs on *all* nodes. >>>> >>>> Even if these three conditions are met, but the default user >>>> isn't being created the manual insert that Horia suggested should >>>> work. If system_auth.roles table exists and you are able to >>>> perform the insert, I'm very surprised when you say it's empty >>>> after you issue the insert. If you check again and it turns out >>>> the manual insert is working as expected, you need to make sure >>>> that the legacy tables have been dropped from schema (assuming >>>> you upgraded from a pre-3.0 version at some point). If the legacy >>>> tables are still present, the authenticator will continue to read >>>> from them and so would be ignoring the new entry in the roles >>>> table. (see: https://github.com/apache/cassandra/blob/cassandra-3 >>>> .11.2/NEWS.txt#L619-L640) >>>> >>>> >>>> On 17 July 2018 at 15:18, Thomas Lété <thomas.l...@soprism.com> w >>>> rote: >>>> Yes I did that multiple time, always following the same procedure >>>> : stop Cassandra, on all nodes, remove data, update config then >>>> restart nodes one by one… >>>> >>>> I really don’t understand when I could have done wrong... >>>> >>>>> Le 17 juil. 2018 à 16:15, Simon Fontana Oscarsson <simon.fontan >>>> a.oscars...@ericsson.com> a écrit : >>>>> >>>>> This is very strange behavior if Cassandra won't recreate the >>>> cassandra user when you delete the folder. >>>>> So just to make sure, you are stopping Cassandra on all nodes >>>> and deleting the data directory? >>>>> >>>>> -- >>>>> SIMON FONTANA OSCARSSON >>>>> Software Developer >>>>> >>>>> Ericsson >>>>> Ölandsgatan 1 >>>>> 37133 Karlskrona, Sweden >>>>> simon.fontana.oscars...@ericsson.com >>>>> www.ericsson.com >>>>> >>>>> On tis, 2018-07-17 at 16:01 +0200, Thomas Lété wrote: >>>>>> It’s empty... >>>>>> >>>>>>> >>>>>>> Le 17 juil. 2018 à 15:59, Horia Mocioi <horia.mocioi@ericsson >>>> .com> a écrit : >>>>>>> >>>>>>> Could you also send the output of "select * from >>>> system_auth.roles"? >>>>>>> (you will need to change authenticator to >>>> AllowAllAuthenticator and >>>>>>> authorizer to AllowAllAuthorizer) >>>>>>> >>>>>>> On tis, 2018-07-17 at 15:43 +0200, Thomas Lété wrote: >>>>>>>> >>>>>>>> Ok I tried that, nothing better (I already tried dropping >>>> the entire >>>>>>>> system_auth folder that way, same result) >>>>>>>> >>>>>>>> When I open the log, I found nothing about « Password » and >>>> when I >>>>>>>> search for « roles », I only find that : >>>>>>>> >>>>>>>> DEBUG [main] 2018-07-17 15:37:39,420 >>>>>>>> CompactionStrategyManager.java:380 - Recreating compaction >>>> strategy - >>>>>>>> disk boundaries are out of date for system_auth.roles. >>>>>>>> DEBUG [main] 2018-07-17 15:37:39,420 >>>> DiskBoundaryManager.java:53 - >>>>>>>> Refreshing disk boundary cache for system_auth.roles >>>>>>>> DEBUG [main] 2018-07-17 15:37:39,422 >>>> DiskBoundaryManager.java:56 - >>>>>>>> Updating boundaries from >>>>>>>> >>>> DiskBoundaries{directories=[DataDirectory{location=/home/cassandr >>>> a/da >>>>>>>> ta}], positions=[max(9223372036854775807)], ringVersion=3, >>>>>>>> directoriesVersion=0} to >>>>>>>> >>>> DiskBoundaries{directories=[DataDirectory{location=/home/cassandr >>>> a/da >>>>>>>> ta}], positions=[max(9223372036854775807)], ringVersion=16, >>>>>>>> directoriesVersion=0} for system_auth.roles >>>>>>>> >>>>>>>> The configuration I use for Auth is the following : >>>>>>>> >>>>>>>> authorizer: CassandraAuthorizer >>>>>>>> permissions_validity_in_ms: 2000 >>>>>>>> permissions_update_interval_in_ms: 2000 >>>>>>>> authenticator: PasswordAuthenticator >>>>>>>> credentials_validity_in_ms: 2000 >>>>>>>> credentials_update_interval_in_ms: 2000 >>>>>>>> >>>>>>>>> >>>>>>>>> Le 17 juil. 2018 à 15:26, Simon Fontana Oscarsson >>>> <simon.fontana.os >>>>>>>>> cars...@ericsson.com> a écrit : >>>>>>>>> >>>>>>>>> Could you try the following steps? >>>>>>>>> >>>>>>>>> Stop Cassandra. >>>>>>>>> Change authenticator in yaml to PasswordAuthenticator if >>>> not >>>>>>>>> already done. >>>>>>>>> Remove data directory with `rm -rf data/system_auth/roles- >>>> *` >>>>>>>>> Start Cassandra. >>>>>>>>> Login with `cqlsh -u cassandra -p cassandra` >>>>>>>>> >>>>>>>>> Works for me. >>>> >>>> >>>> --------------------------------------------------------------- >>>> ------ >>>> To unsubscribe, e-mail: user-unsubscr...@cassandra.apache.org >>>> For additional commands, e-mail: user-h...@cassandra.apache.org > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@cassandra.apache.org > For additional commands, e-mail: user-h...@cassandra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@cassandra.apache.org For additional commands, e-mail: user-h...@cassandra.apache.org
