incubator-cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From aaron morton <aa...@thelastpickle.com>
Subject Re: Questions about using MD5 encryption with SimpleAuthenticator
Date Tue, 17 May 2011 20:03:27 GMT
Use the plain text password via the cli, the server will make a hash and compare it to the
one in the file. 

wrt SHA-2 I'm not a security guy but MD5 is probably "good enough" for the problem of storing
passwords in plain text in a file. 

Hope that helps. 

-----------------
Aaron Morton
Freelance Cassandra Developer
@aaronmorton
http://www.thelastpickle.com

On 17 May 2011, at 10:59, Sameer Farooqui wrote:

> By the way, just noticed a typo in my email below. I'm using the correct keyspace name
in all locations on the cluster... however in my examples below, I used MyKeyspace in some
spots and MDR in other spots, but in the cluster I'm specifying the same keyspace name everywhere,
so that's not the issue.
> 
> - Sameer
> 
> 
> On Mon, May 16, 2011 at 3:55 PM, Sameer Farooqui <cassandralabs@gmail.com> wrote:
> Hi all,
> 
> We are trying to use MD5 encrypted passwords. Quick question first - Is SHA-2 supported
yet? US-CERT of the U. S. Department of Homeland Security has said that MD5 "should be considered
cryptographically broken and unsuitable for further use”, and SHA-2 family of hash functions
is recommended.
> 
> The issue I'm seeing is that when I turn on MD5 encryption, I can't log into the cluster
from Cassandra-CLI (I get a login failure).
> 
> The cassandra.in.sh file has been changed as so:
> 
> JVM_OPTS="
>         -Dpasswd.properties=/home/ubuntu/apache-cassandra-0.8.0-beta1/conf/passwd.properties
\
>         -Daccess.properties=/home/ubuntu/apache-cassandra-0.8.0-beta1/conf/access.properties
\
>         -Dpasswd.mode=MD5"
> 
> 
> And I ran this python script to generate a MD5 hash:
> ubuntu@darknet:~$ python
> Python 2.6.6 (r266:84292, Sep 15 2010, 15:52:39)
> [GCC 4.4.5] on linux2
> Type "help", "copyright", "credits" or "license" for more information.
> >>> from hashlib import md5
> >>> p = "nosql"
> >>> h = md5(p).hexdigest()
> >>> print h
> 9fa1b39e7eb877367213e6f7e37d0b01
> 
> 
> Then I updated the passwd.properties file with the new hashed password:
> jdoe=9fa1b39e7eb877367213e6f7e37d0b01
> 
> 
> Also, the access.properties file is properly set so that jdoe has rw access to the keyspace
and CF:
> MyKeyspace.<rw>=jdoe,jsmith
> MyKeyspace.MyCF.<rw>=jsmith,jdoe
> 
> 
> But when I try to connect to the cluster now, I'm getting a login failure. I have tried
a few different ways of connecting:
> 
> Ran this from the Cassandra CLI: 
> [default@unknown] connect ec2-50-19-26-189.compute-1.amazonaws.com/9160 jdoe '9fa1b39e7eb877367213e6f7e37d0b01';
> Login failure. Did you specify 'keyspace', 'username' and 'password'?
> 
> 
> Ran these from the Ubuntu CLI:
> ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com
-p 9160 -u jdoe -pw 9fa1b39e7eb877367213e6f7e37d0b01 -k MDR
> Login failure. Did you specify 'keyspace', 'username' and 'password'?
> 
> 
> ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com
-p 9160 -u jdoe -pw '9fa1b39e7eb877367213e6f7e37d0b01' -k MDR
> Login failure. Did you specify 'keyspace', 'username' and 'password'?
> 
> 
> Hmm, what am I doing wrong?
> 
> - Sameer
> 
> 
> 


Mime
View raw message