Authentication

Enabling Authentication

Procedure

1. For each Scylla node in the cluster edit the scylla.yaml file, edit the authenticator parameter to PasswordAuthenticator, the file can be found under /etc/scylla/

authenticator: AllowAllAuthenticator --> authenticator: PasswordAuthenticator
  1. Set the system_auth keyspace replication factor to 3 - 5 nodes per datacenter:
  • Single DC (SimpleStrategy)
ALTER KEYSPACE system_auth WITH REPLICATION =
  { 'class' : 'SimpleStrategy', 'replication_factor' : <new_rf> };
  • Multi - DC (NetworkTopologyStrategy)
ALTER KEYSPACE system_auth WITH REPLICATION =
  {'class' : 'NetworkTopologyStrategy', 'dc1' : <new_rf>, 'dc2' : <new_rf>};

Without this step, one node failure can cause denial of access to the cluster

  1. Restart Scylla
sudo systemctl restart scylla-server
  1. Start cqlsh with the username and password (default username is cassandra default password is cassandra)
cqlsh -u cassandra -p cassandra

It is highly recommended to use secured username and password

Security