How to reset Cassandra superuser, when Cassandra does not know 'cassandra' default user?
I don't know for sure, but there's a good chance that the hash you used above changes with each version, and may be particular to a specific version of Cassandra. With that in-mind, you could (in-theory) install the same version in a VM, and then query that machine's system_auth.credentials
for the cassandra user's salted_hash
. Had it not been for the question you linked above, I never would have thought to try that.
Otherwise, this next option WILL work.
- Stop your Cassandra cluster.
On each node,
cd
down to yourdata
directory, and execute:$ mv system_auth system_auth_20140814
Restart each node.
As long as the authenticator is still set (in your cassandra.yaml) to use the PasswordAuthenticator
, Cassandra will rebuild the system_auth
keyspace, with the default Cassandra super user, which you can use with cqlsh
to get back in.
$ ./cqlsh -u cassandra -p cassandra
Connected to MyCluster at 127.0.0.1:9042.
[cqlsh 5.0.1 | Cassandra 2.1.0-rc5-SNAPSHOT | CQL spec 3.2.0 | Native protocol v3]
Use HELP for help.
cqlsh>
Notes:
- You will have to re-add all of your users, and re-apply all off their permissions.
- Instead of renaming (
mv
) thesystem_auth
directory, you could also just delete it (rm
). - You will have to re-apply the appropriate replication settings to your
system_auth
keyspace. By default,system_auth
only has a replication factor of 1.
LadyWoodi
Updated on June 04, 2022Comments
-
LadyWoodi about 2 years
How to reset default Cassandra credentials without changing source code?
I have check similar problems like How to reset a lost Cassandra admin user's password?. I have three node cluster of Datastax Cassandra 2.0.8 and I am trying to implement authentication. I have set cassandra.yaml in all nodes and restarted them. Problem is that I still cannot login in to cqlsh.
I have also tried to reset password for cassandra user in cqlsh(I have disabled authentication for that):
update system_auth.credentials set salted_hash='$2a$10$vbfmLdkQdUz3Rmw.fF7Ygu6GuphqHndpJKTvElqAciUJ4SZ3pwquu' where username='cassandra';
In logs there is Info about creating cassandra superuser. I have checked keyspace system_auth and it includes credentials,permissions and users. And credentials column family does contain user cassandra:
cqlsh> use system_auth; cqlsh:system_auth> select * from credentials; username | options | salted_hash -----------+---------+---------------------------------------------------------- ---- cassandra | null | $2a$10$vbfmLdkQdUz3Rmw.fF7Ygu6GuphqHndpJKTvElqAciUJ4SZ3pw quu (1 rows)
But still, when I try:
./cqlsh -u cassandra -p cassandra
I get exception, that user does not exists, but I dont have permissions to create one.
cql.cassandra.ttypes.AuthenticationException: AuthenticationException(why="User cassandra doesn't exist - create it with CREATE USER query first")