Accumulo 2.x Documentation >> Security >> Authentication
Authentication
Edit this pageAccumulo has authentication to verify the identity of users.
Configuration
Accumulo can be configured to use different authentication methods:
| Method | Setting for instance.security.authenticator |
|---|---|
| Password (default) | org.apache.accumulo.server.security.handler.ZKAuthenticator |
| Kerberos | org.apache.accumulo.server.security.handler.KerberosAuthenticator |
All authentication methods implement Authenticator. The default (password-based) implementation method is described in this document.
Root user
When Accumulo is initialized, a root user is created and given
a password. This root user is used to create other users.
Creating users
Users can be created in the shell:
root@uno> createuser bob
Enter new password for 'bob': ****
Please confirm new password for 'bob': ****
In the Java API using SecurityOperations:
client.securityOperations().createLocalUser("bob", new PasswordToken("pass"));
Authenticating users
Users are authenticated when they create an Accumulo client or when they log in to the Accumulo shell.
Authentication can also be tested in the shell:
root@myinstance mytable> authenticate bob
Enter current password for 'bob': ****
Valid
In the Java API using SecurityOperations:
boolean valid = client.securityOperations().authenticateUser("bob", new PasswordToken("pass"));
Changing user passwords
A user’s password can be changed in the shell:
root@uno> passwd -u bob
Enter current password for 'root': ******
Enter new password for 'bob': ***
In the Java API using SecurityOperations:
client.securityOperations().changeLocalUserPassword("bob", new PasswordToken("pass"));
Removing users
Users can be removed in the shell:
root@uno> dropuser bob
dropuser { bob } (yes|no)? yes
In the Java API using SecurityOperations:
client.securityOperations().dropLocalUser("bob");