Cassandra reducing performance when enabling authorization

I have a 6-node Cassandra cluster, and I want to enable authorization/authentication on it, but I read a few comments from people who administer Cassandra, and they said that enabling authorization on Cassandra reduces performance. Is it really so? Who has experienced this, and how can it be avoided?


Just my experience here, and it is not meant to discount the experience of others. Since 2012, I have personally built over 200 Apache Cassandra clusters on infra ranging from bare metal, to K8s, to the public clouds; spanning environments from Dev, Stage, Test, and (of course) Production.

Every single one of those clusters (even Dev) had Authorization and Authentication enabled. Some of them also had SSL enabled.

My team was also occasionally asked to assume management of clusters run directly by an application team. Some of those did not have auth enabled. Thus verifying/enabling auth was one of the first tasks that we performed. Latency incurred by activating authentication was often a voiced concern.

That being said, at no point was enabling Cassandra's native auth deemed to be disruptive. In fact, one of the prod clusters with both auth & SSL enabled would routinely post a P95 read latency of less than 5ms, while supporting throughput of up to 250k ops/sec.

In fact, the only time it was ever an issue was when we integrated a few clusters with a 3rd party plugin for LDAP. But Cassandra's own Authentication and Authorization never posed a noticeable issue.

If you find that enabling auth does cause latency, the main tuneable in the cassandra.yaml is credentials_validity_in_ms. It defaults to 2000ms (2 seconds), and represents how often a long running connection refreshes its cached credentials. I've heard of some folks setting that as high as 3 hours (which I think is too high). But if it becomes problematic, increasing that setting should help.
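As an added illustration (not part of the answer above), this cassandra.yaml fragment shows native auth switched on together with the cache tunables the answer refers to. The 60000/10000 values are assumptions chosen for illustration, and the setting names are the pre-4.1 `_in_ms` forms used in the answer.

```yaml
# cassandra.yaml fragment (added example; values marked "illustrative" are assumptions)

# Shipped defaults, shown for comparison: no login, every operation allowed.
# authenticator: AllowAllAuthenticator
# authorizer: AllowAllAuthorizer

# Native authentication and authorization enabled.
authenticator: PasswordAuthenticator
authorizer: CassandraAuthorizer
role_manager: CassandraRoleManager

# Credentials cache. Default is 2000 (2 seconds); 0 disables the cache.
# Illustrative: 60 seconds.
credentials_validity_in_ms: 60000
# Once an entry is older than this, the next access triggers an asynchronous
# reload and the old value is served until the reload completes.
# Illustrative: 10 seconds.
credentials_update_interval_in_ms: 10000

# Roles and permissions are cached separately with the same 2000 ms default.
# Raising only the credentials cache leaves these lookups at 2 seconds.
roles_validity_in_ms: 60000
roles_update_interval_in_ms: 10000
permissions_validity_in_ms: 60000
permissions_update_interval_in_ms: 10000

# Trade-off: a longer validity means a changed password or a revoked
# permission can keep being honoured from a node's cache until the cached
# entry expires or is refreshed, so size these to the revocation delay you
# can accept.

# Cassandra 4.1 and later spell these settings with a unit in the value,
# for example: credentials_validity: 2000ms
```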