Question

Am trying to login cqlsh shell with kerberos enabled cassandra cluster. I was able to login to the cqlsh shell with the cassandra user but I was unable to login with any other user.

If I try to login with say test user then it shows the below error for me.

Connection error: User test@REALM.COM doesn't exist - create it with CREATE USER query first

But in my users table I had the test user in it.

cqlsh> SELECT * FROM system_auth.users ;

 name      | super

-----------+-------

  test     | False

 cassandra |  True

Test user has ticket for the kerberos. Can anyone help me please.

Was it helpful?

Solution

Your username in the system_auth.users table is wrong. For kerberos, you should use fully qualified user names, including the realm part. This is because you may want to have two users with the same name, but different realms.

The cassandra user is special - we didn't want to hardcode any particular realm name so we decided to strip realm from this one particular user.

So your users table should look like this:

 name              | super
-------------------+-------
 test@REALM.COM    | False
 cassandra         |  True
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top