Caution
You're viewing documentation for a previous version. Switch to the latest stable version.
Configure SaslauthdAuthenticator
Scylla can outsource authentication to a third-party utility named saslauthd, which, in turn, supports many different authentication mechanisms. Scylla accomplishes this by providing a custom authenticator named SaslauthdAuthenticator. This procedure explains how to install and configure it. Once configured, any login to Scylla is authenticated with the SaslauthdAuthenticator.
Procedure
- Install saslauthd. The easiest way is via a Linux package, if your package manager supports it. Choose a package according to your distro.
  - Use the cyrus-sasl package
  - Use the sasl2-bin package
- Enable the saslauthd service. Run:
    systemctl enable saslauthd.service
- Configure saslauthd: choose the authentication mechanism (e.g., LDAP or PAM) and set the appropriate mechanism-specific parameters by following the saslauthd documentation.
  Note: If you are configuring saslauthd for LDAP, use the configuration details that are specific to Scylla.
- After every configuration change, restart the saslauthd service:
    systemctl restart saslauthd.service
- Test your configuration using the testsaslauthd command. Verify you see a success message. If not, verify that the user name and password are correct and then look at the saslauthd logs (run dmesg -H and look for LOG_AUTH) to diagnose problems.
- Find the mux file (saslauthd's Unix domain socket) and note its full path.
  - Usually, it is /run/saslauthd/mux
  - Usually, it is /var/run/sasl2/mux
- Once saslauthd is correctly configured and running, modify the scylla.yaml configuration file so that communication can begin. Modify the following entries:
    authenticator: com.scylladb.auth.SaslauthdAuthenticator
    saslauthd_socket_path: /path/to/the/mux
- Restart the Scylla server. From now on, Scylla will authenticate all login attempts via saslauthd.
  - sudo systemctl restart scylla-server
  - docker exec -it some-scylla supervisorctl restart scylla (without restarting the some-scylla container)
- Create Scylla roles which match the same roles in the LDAP server. To create a role, refer to the CQL Reference and the RBAC example.
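A pre-flight check for the scylla.yaml and restart steps above, as an added example that is not part of the Scylla documentation: it confirms that scylla.yaml selects SaslauthdAuthenticator and that saslauthd_socket_path is a full path to an existing Unix domain socket, since a typo here affects every login after the restart. The function names and the default /etc/scylla/scylla.yaml location are assumptions.

```sh
#!/bin/sh
# Added example: verify the scylla.yaml entries before restarting Scylla.
# Assumed default config location; pass another path as the first argument.
SCYLLA_YAML_DEFAULT=/etc/scylla/scylla.yaml

# Print the value of a top-level "key: value" entry. Commented-out lines are
# ignored; trailing comments, trailing blanks and surrounding quotes are removed.
# If the key appears more than once, the last occurrence is printed.
yaml_value() {  # usage: yaml_value KEY FILE
    sed -n "s/^$1:[[:space:]]*//p" "$2" |
        sed -e 's/[[:space:]][[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e "s/^[\"']//" -e "s/[\"']$//" |
        tail -n 1
}

# Return 0 only when the file selects SaslauthdAuthenticator and the configured
# mux path is an existing Unix domain socket. Non-zero codes identify the failure.
check_saslauthd_config() {  # usage: check_saslauthd_config [FILE]
    yaml=${1:-$SCYLLA_YAML_DEFAULT}
    [ -r "$yaml" ] || { echo "cannot read $yaml" >&2; return 2; }

    auth=$(yaml_value authenticator "$yaml")
    if [ "$auth" != "com.scylladb.auth.SaslauthdAuthenticator" ]; then
        echo "authenticator is '${auth:-unset}', not SaslauthdAuthenticator" >&2
        return 3
    fi

    sock=$(yaml_value saslauthd_socket_path "$yaml")
    case $sock in
        /*) ;;  # full path, as the procedure requires
        *) echo "saslauthd_socket_path must be the full path to the mux" >&2
           return 4 ;;
    esac

    # -S is true only for a socket, so a stale regular file or a directory fails.
    [ -S "$sock" ] || {
        echo "$sock is not a Unix domain socket; is saslauthd running?" >&2
        return 5
    }
    echo "ok: $yaml -> $sock"
}
```

Source the file and run check_saslauthd_config (optionally with the path to scylla.yaml) after editing the configuration and before restarting the Scylla server.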