Page History

When you deploy Kylin for more users, switch to LDAP authentication is recommended. In the test environment, you can update the password of the default user and add new users according to the following methods.

Before kylin 3.0.0

In kylin versions before 3.0.0, Kylin uses a simple, configuration based user registry by default. There are three pre-defined test users users in kylinSecurity.xml, their password encrypted value is hard-coded in `kylinSecurity.xml`, they are 'ADMIN:KYLIN', 'ANALYST:ANALYST', 'MODELER:MODELER'.

. To modify the password, you need firstly get the new password’s encrypted value (with BCrypt), and then set it in kylinSecurity.xml. Here is a sample with password ‘ABCDE’:

1、Get the new password’s encrypted value (with BCrypt)

${KYLIN_HOME}/bin/kylin.sh org.apache.kylin.rest.security.PasswordPlaceholderConfigurer BCrypt ABCDE

2、The encrypted password will be output to cmd

BCrypt encrypted password is: 
$2a$10$GXYjtEH2bYNJ5DhFwyK9GepTLoeJevcqNoxfIj6XGAUg9MWD5dnq.

3、Then you can set it into `kylinSecurity.xml`

vi ./tomcat/webapps/kylin/WEB-INF/classes/kylinSecurity.xml

4、Replace the origin encrypted password with the new one

<bean class="org.springframework.security.core.userdetails.User" id="adminUser">
      <constructor-arg value="ADMIN"/>
      <constructor-arg
            value="$2a$10$A7.J.GIEOQknHmJhEeXUdOnj2wrdG4jhopBgqShTgDkJDMoKxYHVu"/>
      <constructor-arg ref="adminAuthorities"/>
</bean>

5、Restart Kylin to take effective. If you have multiple Kylin server as a cluster, do the same on each instance.

6、New users can also use similar methods.

Kylin 3.0.0 and later

In kylin3.0.0 and later, the three built-in user names and passwords are not changed, but they are no longer stored in the `kylinSecurity.xml`, but in the metadata under /user.

If you want to modify the password or add users in kylin3.0.0 and later, you can operate on system page in kylin web ui. 

1、Add new user

2、Modify user password