Accumulo has authentication to verify the identity of users.
Accumulo can be configured to use different authentication methods:
Method | Setting for {% plink instance.security.authenticator %} |
---|---|
Password (default) | {% jlink -f org.apache.accumulo.server.security.handler.ZKAuthenticator %} |
[Kerberos]({% durl security/kerberos %}) | {% jlink -f org.apache.accumulo.server.security.handler.KerberosAuthenticator %} |
All authentication methods implement [Authenticator]. The default (password-based) implementation method is described in this document.
When [Accumulo is initialized]({% durl getting-started/quickstart#initialization %}), a root
user is created and given a password. This root
user is used to create other users.
Users can be created in the shell:
root@uno> createuser bob Enter new password for 'bob': **** Please confirm new password for 'bob': ****
In the Java API using [SecurityOperations]:
client.securityOperations().createLocalUser("bob", new PasswordToken("pass"));
Users are authenticated when they [create an Accumulo client]({% durl getting-started/clients#creating-an-accumulo-client %}) or when the log in to the [Accumulo shell]({% durl getting-started/shell %}).
Authentication can also be tested in the shell:
root@myinstance mytable> authenticate bob Enter current password for 'bob': **** Valid
In the Java API using [SecurityOperations]:
boolean valid = client.securityOperations().authenticateUser("bob", new PasswordToken("pass"));
A user's password can changed be in the shell:
root@uno> passwd -u bob Enter current password for 'root': ****** Enter new password for 'bob': ***
In the Java API using [SecurityOperations]:
client.securityOperations().changeLocalUserPassword("bob", new PasswordToken("pass"));
Users can be removed in the shell:
root@uno> dropuser bob dropuser { bob } (yes|no)? yes
In the Java API using [SecurityOperations]:
client.securityOperations().dropLocalUser("bob");
[Authenticator]: {% jurl org.apache.accumulo.server.security.handler.Authenticator %} [SecurityOperations]: {% jurl org.apache.accumulo.core.client.admin.SecurityOperations %}