How to reset a lost Cassandra admin user's password?

cassandra cassandra-2.0
12,726

Solution 1

Solved with the following steps:

  1. Change authenticator in cassandra.yaml to AllowAllAuthenticator and restart Cassandra
  2. cqlsh
  3. update system_auth.credentials set salted_hash='$2a$10$vbfmLdkQdUz3Rmw.fF7Ygu6GuphqHndpJKTvElqAciUJ4SZ3pwquu' where username='cassandra';
  4. Exit cqlsh
  5. Change authenticator back to PasswordAuthenticator and restart Cassandra

Now you can log in with

cqlsh -u cassandra -p cassandra

and change the password to something else.

Solution 2

The hash has changed for Cassandra 2.1:

  1. Switch to authenticator: AllowAllAuthenticator
  2. Restart cassandra
  3. UPDATE system_auth.credentials SET salted_hash = '$2a$10$H46haNkcbxlbamyj0OYZr.v4e5L08WTiQ1scrTs9Q3NYy.6B..x4O' WHERE username='cassandra';
  4. Switch back to authenticator: PasswordAuthenticator
  5. Restart cassandra
  6. Login as cassandra/cassandra
  7. CREATE USER and ALTER USER to your heart's content.

Solution 3

As of cassandra 2.0

ALTER USER cassandra WITH PASSWORD 'password';

If you want to add a user.

// CREATE USER uname WITH PASSWORD 'password'; // add new user
// GRANT all ON ALL KEYSPACES to uname;    // grant permissions to new user

Verify your existing users with LIST USERS;

EDIT

Oh boy, this is gona be fun! So, I found one hacktastic way but it requires changing sourcecode.

First a high level overview:

  1. Edit source so you can make changes to the system_auth.credentials column family
  2. Change the authenticator to AllowAllAuthenticator
  3. Start C*
  4. Log in with cqlsh without needing a password
  5. Update the cassandra user's hash password
  6. Undo the source changes and change back to PasswordAuthenticator.

Step 1 - edit source

Open the C* source and go to package org.apache.cassandra.service.ClientState; Find the validateLogin() and ensureNotAnonymous() functions and comment all contained coude out so you end up with:

public void validateLogin() throws UnauthorizedException
{
    // if (user == null)
    //    throw new UnauthorizedException("You have not logged in");
}

public void ensureNotAnonymous() throws UnauthorizedException
{
    validateLogin();
    // if (user.isAnonymous())
    //    throw new UnauthorizedException("You have to be logged in and not anonymous to perform this request");
}

Step2 - Change to AllowAllAuthenticator in cassandra.yaml Step3 & 4 - Simple! Step 5 - Execute this insert statement from cqlsh:

insert into system_auth.credentials (username, options, salted_hash) 
VALUES ('cassandra', null, '$2a$10$vbfmLdkQdUz3Rmw.fF7Ygu6GuphqHndpJKTvElqAciUJ4SZ3pwquu');

Note* step 5 will work assuming the user named 'cassandra' has already been created. If you have another user created just switch the username you are inserting (this procedure resets a password, it doesn't add a new user).

Step 6 Fix the source by uncommenting validateLogin() and ensureNotAnonymous() and switch back to the PasswordAuthenticator in cassandra.yaml, you should now have access to cqlsh via ./cqlsh -u cassandra -p cassandra

Share:
12,726

Related videos on Youtube

Eemeli Kantola
Author by

Eemeli Kantola

Currently working at Futurice as a software consultant

Updated on June 04, 2022

Comments

  • Eemeli Kantola
    Eemeli Kantola almost 2 years

    I have full access to the Cassandra installation files and a PasswordAuthenticator configured in cassandra.yaml. What do I have to do to reset admin user's password that has been lost, while keeping the existing databases intact?

  • Eemeli Kantola
    Eemeli Kantola over 10 years
    ALTER USER is not an option since the admin password is lost and I don't have access to cqlsh console. Also changing the authenticator to AllowAllAuthenticator doesn't help, because in that case ALTER USER doesn't work even if I can access the console.
  • Lyuben Todorov
    Lyuben Todorov over 10 years
    @EemeliKantola Sorry, I incorrectly though you had access to cqlsh with admin privileges! I posted a fix but it sadly requires changing source.
  • Eemeli Kantola
    Eemeli Kantola over 10 years
    The situation that the admin password was lost is stated in the title, but I edited the question body to re-state that for clarity.
  • Eemeli Kantola
    Eemeli Kantola over 10 years
    The problem got solved in a simpler way, with no code modifications needed.
  • ealfonso
    ealfonso almost 7 years
    I'm getting the following: InvalidRequest: code=2200 [Invalid query] message="unconfigured table credentials"
  • ealfonso
    ealfonso almost 7 years
    I'm getting the following: InvalidRequest: code=2200 [Invalid query] message="unconfigured table credentials"

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

copy one table to another in cassandra
What is the best way to expose Cassandra REST API to web?
Cassandra LOCAL_QUORUM
Cassandra ReadTimeout when querying existing data
How to set Cassandra (>2.0) JVM heap size of 8GB?
batch size of prepared statement in spring data cassandra
What are best practices for backing up a cassandra cluster?
No appropriate python interpreter found. Cassandra
cassandra.InvalidRequest: code=2200 [Invalid query] message="Keyspace '' does not exist"
Use of Order by clause in cassandra