-
Notifications
You must be signed in to change notification settings - Fork 0
Using_a_Secured_Thrift_API
Joe Winter edited this page Sep 4, 2014
·
1 revision
Doradus Configuration and Operation : Doradus Configuration Files : Doradus Security Options : Using a Secured Thrift API
Using a Secured Thrift API
As described in the section Securing the Thrift Protocol, by default Cassandra’s Thrift API is not secured. Encrypted communication for this protocol is available, but Doradus currently does not support it. Instead, basic user id/password authentication can be added to the Thrift API.
To use basic authentication, Doradus must be configured to use user ID and password that Cassandra will recognize. By default, in the Doradus script {doradus_home}/bin/doradus-server.bat sets the following JVM define to identify the file that contains the Cassandra database user ID and password:
-Dpasswd.properties=passwd.properties
The passwd.properties file resides in the {doradus_home}/config folder. You should edit it to contain two lines that define the user ID and password:
dbusername=Doradus
dbpassword=changeit
The value of dbusername and dbpassword should match the user ID/password you defined in Cassandra’s configuration, as described in the section Securing the Thrift Protocol.
Next, tell Doradus to use the an authentication class by setting the dbauthenticator parameter in the doradus.yaml file. Example:
dbauthenticator: com.dell.doradus.service.db.SimpleAuthenticator
Once these parameters are set and Cassandra is appropriately configured, Doradus will use this authentication mechanism for all connections using the Thrift API.