Cassandra's Extensible Authentication/Authorization
Cassandra uses an extensible authentication/authorization mechanism found in the org.apache.cassandra.auth Java source package. It is configured in conf/storage-conf.xml (0.6.x) and conf/cassandra.yaml (0.7+). 0.6 uses the IAuthenticator interface to provide both authentication and authorization, but 0.7 splits the interface into IAuthenticator to provide authentication, and IAuthority to provide authorization.
There are two complementary implementations of these interfaces built-in:
The default AllowAllAuthenticator (and AllowAllAuthority in 0.7) approach is essentially pass-through.
SimpleAuthenticator (and SimpleAuthority in 0.7) is property file based (using passwd.properties and access.properties). For more information on this approach, see the source in org.apache.cassandra.auth. In 0.7, the format of the access.properties configuration is slightly different.
Both of the built-in options implement IAuthenticator (and IAuthority in 0.7). Those wanting custom auth implementations can start there.