cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Atin Sood (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-12525) When adding new nodes to a cluster which has authentication enabled, we end up losing cassandra user's current crendentials and they get reverted back to default cassandra/cassandra crendetials
Date Thu, 01 Sep 2016 02:23:22 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-12525?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15454064#comment-15454064
] 

Atin Sood commented on CASSANDRA-12525:
---------------------------------------

Sam, unfortunately don't have these handy ATM, but let me try to get these by next week. We
were able to consistently replicate this and have the cluster handy in dev, so let me get
you the logs as soon as I free up from my day to day work.

Appreciate you looking into this.

> When adding new nodes to a cluster which has authentication enabled, we end up losing
cassandra user's current crendentials and they get reverted back to default cassandra/cassandra
crendetials
> -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: CASSANDRA-12525
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-12525
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Configuration
>            Reporter: Atin Sood
>            Priority: Minor
>
> Made the following observation:
> When adding new nodes to an existing C* cluster with authentication enabled we end up
loosing password information about `cassandra` user. 
> Initial Setup
> - Create a 5 node cluster with system_auth having RF=5 and NetworkTopologyStrategy
> - Enable PasswordAuthenticator on this cluster and update the password for 'cassandra'
user to say 'password' via the alter query
> - Make sure you run nodetool repair on all the nodes
> Test case
> - Now go ahead and add 5 more nodes to this cluster.
> - Run nodetool repair on all the 10 nodes now
> - Decommission the original 5 nodes such that only the new 5 nodes are in the cluster
now
> - Run cqlsh and try to connect to this cluster using old user name and password, cassandra/password
> I was unable to connect to the nodes with the original credentials and was only able
to connect using the default cassandra/cassandra credentials
> From the conversation over IIRC
> `beobal: sood: that definitely shouldn't happen. The new nodes should only create the
default superuser role if there are 0 roles currently defined (including that default one)`



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message