Enable authentication

Enable authentication to have clients provide valid credentials before they can connect to a YugabyteDB cluster.

This page documents a preview version. v2.23 Preview

Preview includes features under active development and is for development and testing only.
For production, use the latest stable version (v2024.1).

Enabling user authentication in YSQL and YCQL requires setting the appropriate flags on server startup:

--ysql_enable_auth=true in YSQL
--use_cassandra_authentication=true in YCQL

In YSQL, further fine-grained control over client authentication is provided by setting the --ysql_hba_conf_csv flag. You can define rules for access to localhost and remote clients based on IP addresses, authentication methods, and use of TLS (aka SSL) certificates.

Enable user authentication

Enable authentication and configure user authorization in YugabyteDB.

Create login profiles

Prevent brute force exploits by enabling login profiles in YSQL.

Configure client authentication

Use the ysql_hba_conf_csv flag to configure client authentication in YSQL.