[ 
https://issues.apache.org/jira/browse/CASSANDRA-18420?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yakir Gibraltar updated CASSANDRA-18420:
----------------------------------------
    Description: 
Hi,
When making a connection *without a username* to a Cassandra cluster with 
PasswordAuthenticator enabled, 
the connection will fail but is not logged in the audit log.

How to reproduce:
 # Enable "authenticator: PasswordAuthenticator" on cluster
 # Enable audit: "nodetool enableauditlog"
 # Open a new screen and run "auditlogviewer -f <log_location>/audit/"
 # Try to connect, and connection will fail:
{code:java}
[root@c1 ~]# cqlsh
Connection error: ('Unable to connect to any servers', {'127.0.0.1:9042': 
AuthenticationFailed('Remote end requires authentication',)}){code}
 # *But nothing in auditlogviewer*.

Connections with an incorrect username or password are logged correctly in the audit log; 
the problem occurs only on connections without a username. 

How it's affecting:
 # Security reason, hard to find unauthorized connection attempts.
 # When migrating a cluster to PasswordAuthenticator, it is hard to find applications 
that didn't add a username/password. 

Thank you. 

  was:
Hi,
When making a connection *without a username* to a Cassandra cluster with 
PasswordAuthenticator enabled, 
the connection will fail but is not logged in the audit log.

How to reproduce:
 # Enable "authenticator: PasswordAuthenticator" on cluster
 # Enable audit: "nodetool enableauditlog"
 # Open a new screen and run "auditlogviewer -f <log_location>/audit/"
 # Try to connect, and connection will fail:
{code:java}
[root@c1 ~]# cqlsh
Connection error: ('Unable to connect to any servers', {'127.0.0.1:9042': 
AuthenticationFailed('Remote end requires authentication',)}){code}
 # *But nothing in auditlogviewer*.

Connections with an incorrect username or password are logged correctly in the audit log; 
the problem occurs only on connections without a username. 

How it's affecting:
 # Security reason, hard to find unauthorized connection.
 # When migrating a cluster to PasswordAuthenticator, it is hard to find applications 
that didn't add a username/password. 

Thank you. 


> Connection without username not logged in auditlog 
> ---------------------------------------------------
>
>                 Key: CASSANDRA-18420
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-18420
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Tool/auditlogging
>            Reporter: Yakir Gibraltar
>            Priority: Normal
>
> Hi,
> When making a connection *without a username* to a Cassandra cluster with 
> PasswordAuthenticator enabled, 
> the connection will fail but is not logged in the audit log.
> How to reproduce:
>  # Enable "authenticator: PasswordAuthenticator" on cluster
>  # Enable audit: "nodetool enableauditlog"
>  # Open a new screen and run "auditlogviewer -f <log_location>/audit/"
>  # Try to connect, and connection will fail:
> {code:java}
> [root@c1 ~]# cqlsh
> Connection error: ('Unable to connect to any servers', {'127.0.0.1:9042': 
> AuthenticationFailed('Remote end requires authentication',)}){code}
>  # *But nothing in auditlogviewer*.
> Connections with an incorrect username or password are logged correctly in the audit log; 
> the problem occurs only on connections without a username. 
> How it's affecting:
>  # Security reason, hard to find unauthorized connection attempts.
>  # When migrating a cluster to PasswordAuthenticator, it is hard to find 
> applications that didn't add a username/password. 
> Thank you. 


