Return-Path: 
 <user-return-27278-apmail-cassandra-user-archive=cassandra.apache.org@cassandra.apache.org>
X-Original-To: apmail-cassandra-user-archive@www.apache.org
Delivered-To: apmail-cassandra-user-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 8571B9EA4
	for <apmail-cassandra-user-archive@www.apache.org>;
 Fri, 29 Jun 2012 10:45:25 +0000 (UTC)
Received: (qmail 69391 invoked by uid 500); 29 Jun 2012 10:45:23 -0000
Delivered-To: apmail-cassandra-user-archive@cassandra.apache.org
Received: (qmail 69203 invoked by uid 500); 29 Jun 2012 10:45:21 -0000
Mailing-List: contact user-help@cassandra.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@cassandra.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@cassandra.apache.org>
List-Post: <mailto:user@cassandra.apache.org>
List-Id: <user.cassandra.apache.org>
Reply-To: user@cassandra.apache.org
Delivered-To: mailing list user@cassandra.apache.org
Received: (qmail 69180 invoked by uid 99); 29 Jun 2012 10:45:20 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 29 Jun 2012 10:45:20 +0000
X-ASF-Spam-Status: No, hits=0.0 required=5.0
	tests=FSL_RCVD_USER,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of peter.dijkshoorn@adyen.com
 designates 95.142.103.67 as permitted sender)
Received: from [95.142.103.67] (HELO relay.adyen.com) (95.142.103.67)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 29 Jun 2012 10:45:12 +0000
Received: from localhost (localhost [127.0.0.1])
	by relay.adyen.com (Postfix) with ESMTP id E6BFB14AD
	for <user@cassandra.apache.org>; Fri, 29 Jun 2012 12:44:51 +0200 (CEST)
X-Virus-Scanned: Anonymous Virus Scanner for Adyen
Received: from relay.adyen.com ([127.0.0.1])
	by localhost (relay1.adyen.com [127.0.0.1]) (amavisd-new, port 10024)
	with LMTP id WcfxSeNaDKDT for <user@cassandra.apache.org>;
	Fri, 29 Jun 2012 12:44:46 +0200 (CEST)
Received: from adyen.com (unknown [95.142.103.66])
	by relay.adyen.com (Postfix) with ESMTP id 5DC99145D
	for <user@cassandra.apache.org>; Fri, 29 Jun 2012 12:44:46 +0200 (CEST)
Received: from [192.168.9.55] (ip-80-113-16-26.ip.prioritytelecom.net
 [80.113.16.26])
	by adyen.com (Postfix) with ESMTP id 39354F6C335
	for <user@cassandra.apache.org>; Fri, 29 Jun 2012 12:44:46 +0200 (CEST)
Message-ID: <4FED871D.60100@adyen.com>
Date: Fri, 29 Jun 2012 12:44:45 +0200
From: Peter Dijkshoorn <peter.dijkshoorn@adyen.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:12.0) Gecko/20120430 Thunderbird/12.0.1
MIME-Version: 1.0
To: user@cassandra.apache.org
Subject: Re: Cassandra Authentication
References: 
 <CAM0NdiuBeTL8nRvKjmHMJbodCBMYFy=M9B65o+vqj2_QWGGARw@mail.gmail.com>
 <CFC55D6D-58AE-4C7E-813E-3CC132825AB3@gmail.com>
In-Reply-To: <CFC55D6D-58AE-4C7E-813E-3CC132825AB3@gmail.com>
X-Enigmail-Version: 1.5pre
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

You can build a jar from the SimpleAuthenticator and SimpleAuthority
classes found in the examples.
Then put the jar on the classpath of the cassandra, nicest way is to
modify the startup script:
put an s with options on line 148 in bin/cassandra:

args=`getopt vfhp:bD: "$@"`

becomes (note the added s)

args=`getopt vfhsp:bD: "$@"`

and add the -s case in the switch statement (line 173 for example) below
with these lines (do enter the right location to the jar, possibly put
it in the cassandra lib and find out the proper var):

        -s)
           
CLASSPATH="$CLASSPATH:/home/peterd/workspaces/uno/CassandraAuthenticator/CassandraSecure.jar"
            properties="$properties
-Dpasswd.properties=$CASSANDRA_CONF/passwd.properties
-Daccess.properties=$CASSANDRA_CONF/access.properties"
            shift
        ;;


Then create the access.properties file and passwd.properties file in
your cassandra config directory
passwd.properties ahs the format
jsmith=pass

and access.properties has format:
<modify-keyspaces>=jsmith
Keyspace1.<ro>=jsmith,Elvis Presley
Keyspace1.Standard1.<rw>=jsmith,Elvis Presley,dilbert

which are all self-explanatory I guess.



Good luck!

Peter Dijkshoorn
Adyen - Payments Made Easy
www.adyen.com

Visiting address:    	        Mail Address:             
Simon Carmiggeltstraat 6-50    	P.O. Box 10095
1011 DJ Amsterdam               1001 EB Amsterdam
The Netherlands                 The Netherlands

Office +31.20.240.1240
Email peter.dijkshoorn@adyen.com


On 06/29/2012 06:58 AM, Mohit Anchlia wrote:
>
> Sent from my iPad
>
> On Jun 28, 2012, at 8:45 AM, Christof Bornhoevd <cbornhoevd@gmail.com> wrote:
>
>> Hi,
>>  
>> we are using Cassandra v1.0.8 with Hector v1.0-5 and would like to move our current system to an operational setting based on Amazon AWS. What are best practices for addessing security for Cassandra on AWS. Besides Security Groups in AWS how is Cassandra Client to Cluster authentication handled best? There used to be a SimpleAuthenticator that has been moved to Examples.
>>  
>> Any recommendations/experiences that you could share? Any hints and guidance is higly appreciated.
>>  
> Cassandra doesn't provide any security features so far. We wrote our own pluggable authoz and authn that plugs into ldap. You might want to right something of your own that plugs in was auto
>> Cheers and thanks a lot for any kind help!
>> Christof