Accumulo 2.x Documentation  >>  Security  >>  Authentication

Authentication

Accumulo has authentication to verify the identity of users.

Configuration

Accumulo can be configured to use different authentication methods:

Method Setting for instance.security.authenticator
Password (default) org.apache.accumulo.server.security.handler.ZKAuthenticator
Kerberos org.apache.accumulo.server.security.handler.KerberosAuthenticator

All authentication methods implement Authenticator. The default (password-based) implementation method is described in this document.

Root user

When Accumulo is initialized, a root user is created and given a password. This root user is used to create other users.

Creating users

Users can be created in the shell:

root@uno> createuser bob
Enter new password for 'bob': ****
Please confirm new password for 'bob': ****

In the Java API using SecurityOperations:

client.securityOperations().createLocalUser("bob", new PasswordToken("pass"));

Authenticating users

Users are authenticated when they create an Accumulo client or when the log in to the Accumulo shell.

Authentication can also be tested in the shell:

root@myinstance mytable> authenticate bob
Enter current password for 'bob': ****
Valid

In the Java API using SecurityOperations:

boolean valid = client.securityOperations().authenticateUser("bob", new PasswordToken("pass"));

Changing user passwords

A user’s password can changed be in the shell:

root@uno> passwd -u bob
Enter current password for 'root': ******
Enter new password for 'bob': ***

In the Java API using SecurityOperations:

client.securityOperations().changeLocalUserPassword("bob", new PasswordToken("pass"));

Removing users

Users can be removed in the shell:

root@uno> dropuser bob
dropuser { bob } (yes|no)? yes

In the Java API using SecurityOperations:

client.securityOperations().dropLocalUser("bob");
Find documentation for all releases in the archive