As of cassandra 2.0
ALTER USER cassandra WITH PASSWORD 'password';
If you want to add a user.
// CREATE USER uname WITH PASSWORD 'password'; // add new user
// GRANT all ON ALL KEYSPACES to uname; // grant permissions to new user
Verify your existing users with LIST USERS;
EDIT
Oh boy, this is gona be fun! So, I found one hacktastic way but it requires changing sourcecode.
First a high level overview:
- Edit source so you can make changes to the system_auth.credentials column family
- Change the authenticator to AllowAllAuthenticator
- Start C*
- Log in with cqlsh without needing a password
- Update the cassandra user's hash password
- Undo the source changes and change back to PasswordAuthenticator.
Step 1 - edit source
Open the C* source and go to package org.apache.cassandra.service.ClientState
;
Find the validateLogin()
and ensureNotAnonymous()
functions and comment all contained coude out so you end up with:
public void validateLogin() throws UnauthorizedException
{
// if (user == null)
// throw new UnauthorizedException("You have not logged in");
}
public void ensureNotAnonymous() throws UnauthorizedException
{
validateLogin();
// if (user.isAnonymous())
// throw new UnauthorizedException("You have to be logged in and not anonymous to perform this request");
}
Step2 - Change to AllowAllAuthenticator in cassandra.yaml
Step3 & 4 - Simple!
Step 5 - Execute this insert statement from cqlsh:
insert into system_auth.credentials (username, options, salted_hash)
VALUES ('cassandra', null, '$2a$10$vbfmLdkQdUz3Rmw.fF7Ygu6GuphqHndpJKTvElqAciUJ4SZ3pwquu');
Note* step 5 will work assuming the user named 'cassandra' has already been created. If you have another user created just switch the username you are inserting (this procedure resets a password, it doesn't add a new user).
Step 6 Fix the source by uncommenting validateLogin()
and ensureNotAnonymous()
and switch back to the PasswordAuthenticator in cassandra.yaml, you should now have access to cqlsh via ./cqlsh -u cassandra -p cassandra