Hi Leo
my guess would be that your configuration is not consistent across all nodes in
the cluster. The responses you’re seeing are totally indicative of being
connected to a node where PasswordAuthenticator is not enabled in
cassandra.yaml.
Thanks,
Sam
> On 14 Mar 2019, at 10:56, Léo FERLIN SUTTON <lfer...@mailjet.com.INVALID>
> wrote:
>
> Hello !
>
> Recently I have noticed some clients are having errors almost every time they
> try to contact my Cassandra cluster.
>
> The error messages vary but there is one constant : It's not constant ! Let
> me show you :
>
> From the client host :
>
> `cqlsh --cqlversion "3.4.0" -u cassandra_superuser -p my_password
> cassandra_address 9042`
>
> The CL commands will fail half of the time :
>
> ```
> cassandra_vault_superuser@cqlsh> CREATE ROLE leo333 WITH PASSWORD = 'leo4'
> AND LOGIN=TRUE;
> InvalidRequest: Error from server: code=2200 [Invalid query]
> message="org.apache.cassandra.auth.CassandraRoleManager doesn't support
> PASSWORD"
> cassandra_vault_superuser@cqlsh> CREATE ROLE leo333 WITH PASSWORD = 'leo4'
> AND LOGIN=TRUE;
> ```
>
> Same with grants :
> ```
> cassandra_vault_superuser@cqlsh> GRANT read_write_role TO leo333;
> Unauthorized: Error from server: code=2100 [Unauthorized] message="You have
> to be logged in and not anonymous to perform this request"
> cassandra_vault_superuser@cqlsh> GRANT read_write_role TO leo333;
> ```
>
> Same with `list roles` :
> ```
> cassandra_vault_superuser@cqlsh> list roles;
>
> role | super | login |
> options
> ----------------------------------------------------------+-------+-------+---------
> cassandra | True | True |
> {}
> [...]
>
> cassandra_vault_superuser@cqlsh> list roles;
> Unauthorized: Error from server: code=2100 [Unauthorized] message="You have
> to be logged in and not anonymous to perform this request"
> ```
>
> My Cassandra (3.0.18) configuration seems correct :
> ```
> authenticator: PasswordAuthenticator
> authorizer: CassandraAuthorizer
> role_manager: CassandraRoleManager
> ```
>
> The system_auth schema seems correct as well :
> `CREATE KEYSPACE system_auth WITH replication = {'class':
> 'NetworkTopologyStrategy', 'my_dc': '3'} AND durable_writes = true;`
>
>
> I am only having those errors when :
>
> * I am on a non local client.
> * Via `cqlsh`
> * Or via the vaultproject client
> (https://www.vaultproject.io/docs/secrets/databases/cassandra.html
> <https://www.vaultproject.io/docs/secrets/databases/cassandra.html>) (1 error
> occurred: You have to be logged in and not anonymous to perform this request)
>
> If I am using cqlsh (with authentification) but from a Cassandra node it
> works 100% of the time.
>
> Any idas abut what might be going wrong ?
>
> Regards,
>
> Leo
>
