Hello !
Recently I have noticed some clients are having errors almost every time
they try to contact my Cassandra cluster.
The error messages vary but there is one constant : *It's not constant* !
Let me show you :
>From the client host :
`cqlsh --cqlversion "3.4.0" -u cassandra_superuser -p my_password
cassandra_address 9042`
The CL commands will fail half of the time :
```
cassandra_vault_superuser@cqlsh> CREATE ROLE leo333 WITH PASSWORD = 'leo4'
AND LOGIN=TRUE;
InvalidRequest: Error from server: code=2200 [Invalid query]
message="org.apache.cassandra.auth.CassandraRoleManager doesn't support
PASSWORD"
cassandra_vault_superuser@cqlsh> CREATE ROLE leo333 WITH PASSWORD = 'leo4'
AND LOGIN=TRUE;
```
Same with grants :
```
cassandra_vault_superuser@cqlsh> GRANT read_write_role TO leo333;
Unauthorized: Error from server: code=2100 [Unauthorized] message="You have
to be logged in and not anonymous to perform this request"
cassandra_vault_superuser@cqlsh> GRANT read_write_role TO leo333;
```
Same with `list roles` :
```
cassandra_vault_superuser@cqlsh> list roles;
role | super | login |
options
----------------------------------------------------------+-------+-------+---------
cassandra | True | True
| {}
[...]
cassandra_vault_superuser@cqlsh> list roles;
Unauthorized: Error from server: code=2100 [Unauthorized] message="You have
to be logged in and not anonymous to perform this request"
```
My Cassandra (3.0.18) configuration seems correct :
```
authenticator: PasswordAuthenticator
authorizer: CassandraAuthorizer
role_manager: CassandraRoleManager
```
The system_auth schema seems correct as well :
`CREATE KEYSPACE system_auth WITH replication = {'class':
'NetworkTopologyStrategy', 'my_dc': '3'} AND durable_writes = true;`
I am only having those errors when :
* I am on a non local client.
* Via `cqlsh`
* Or via the vaultproject client (
https://www.vaultproject.io/docs/secrets/databases/cassandra.html) (1 error
occurred: You have to be logged in and not anonymous to perform this
request)
If I am using cqlsh (with authentification) but from a Cassandra node it
works 100% of the time.
Any idas abut what might be going wrong ?
Regards,
Leo
