cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <SEAN_R_DUR...@homedepot.com>
Subject Turning on internal security with no downtime
Date Wed, 25 Feb 2015 22:03:54 GMT
Cassandra 1.2.19

We would like to turn on Cassandra's internal security (PasswordAuthenticator and CassandraAuthorizer)
on the ring (away from AllowAll). (Clients are already passing credentials in their connections.)
However, I know all nodes have to be switched to those before the basic security objects (system_auth)
are created. So, an outage would be required to change all the nodes, let system_auth get
created, alter system_auth for replication strategy, create all the users/permissions, repair
system_auth.

For DataStax, there is a TransitionalAuthorizer that allows the system_auth to get created,
but doesn't really require passwords. So, with a double, rolling bounce, you can implement
security with no downtime. Anything like that for open source? Any other ways you have activated
security without downtime?



Sean R. Durity



________________________________

The information in this Internet Email is confidential and may be legally privileged. It is
intended solely for the addressee. Access to this Email by anyone else is unauthorized. If
you are not the intended recipient, any disclosure, copying, distribution or any action taken
or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed
to our clients any opinions or advice contained in this Email are subject to the terms and
conditions expressed in any applicable governing The Home Depot terms of business or client
engagement letter. The Home Depot disclaims all responsibility and liability for the accuracy
and content of this attachment and for any damages or losses arising from any inaccuracies,
errors, viruses, e.g., worms, trojan horses, etc., or other items of a destructive nature,
which may be contained in this attachment and shall not be liable for direct, indirect, consequential
or special damages in connection with this e-mail message or its attachment.

Mime
View raw message