Accumulo has authentication to verify the identity of users.

Configuration

Accumulo can be configured to use different authentication methods:

Method Setting for instance.security.authenticator
Password (default) org.apache.accumulo.server.security.handler.ZKAuthenticator
Kerberos org.apache.accumulo.server.security.handler.KerberosAuthenticator

All authentication methods implement Authenticator. The default (password-based) implementation method is described in this document.

Root user

When Accumulo is initialized, a root user is created and given a password. This root user is used to create other users.

Creating users

Users can be created in the shell:

  1. root@uno> createuser bob
  2. Enter new password for 'bob': ****
  3. Please confirm new password for 'bob': ****

In the Java API using SecurityOperations:

  1. client.securityOperations().createLocalUser("bob", new PasswordToken("pass"));

Authenticating users

Users are authenticated when they create an Accumulo client or when they log in to the Accumulo shell.

Authentication can also be tested in the shell:

  1. root@myinstance mytable> authenticate bob
  2. Enter current password for 'bob': ****
  3. Valid

In the Java API using SecurityOperations:

  1. boolean valid = client.securityOperations().authenticateUser("bob", new PasswordToken("pass"));

Changing user passwords

A user’s password can be changed in the shell:

  1. root@uno> passwd -u bob
  2. Enter current password for 'root': ******
  3. Enter new password for 'bob': ***

In the Java API using SecurityOperations:

  1. client.securityOperations().changeLocalUserPassword("bob", new PasswordToken("pass"));

Removing users

Users can be removed in the shell:

  1. root@uno> dropuser bob
  2. dropuser { bob } (yes|no)? yes

In the Java API using SecurityOperations:

  1. client.securityOperations().dropLocalUser("bob");