[jira] [Commented] (CASSANDRA-18420) Connection without username not logged in auditlog

Thu, 27 Apr 2023 11:17:53 -0700 


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-18420?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17717328#comment-17717328
 ] 

Brandon Williams commented on CASSANDRA-18420:
----------------------------------------------

Indeed, it seems the client gets to STARTUP 
[here|https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/transport/InitialConnectionHandler.java#L123]
 and never goes any further.  We could add an audit log entry for all clients 
that get this far (they have to be an actual client at this point), but I can't 
seem to find an easy place to log if they have only gotten this far when they 
disconnect. [~samt] WDYT?

> Connection without username not logged in auditlog 
> ---------------------------------------------------
>
>                 Key: CASSANDRA-18420
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-18420
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Tool/auditlogging
>            Reporter: Yakir Gibraltar
>            Assignee: Ningzi Zhan
>            Priority: Normal
>             Fix For: 4.0.x, 4.1.x, 5.x
>
>
> Hi,
> If making connection *without username* to cassandra cluster with 
> PasswordAuthenticator enabled, 
> Connection will fail but not logged on auditlog.
> How to reproduce:
>  # Enable "authenticator: PasswordAuthenticator" on cluster
>  # Enable audit : "nodetool enableauditlog"
>  # Open a new screen and run "auditlogviewer -f <log_location>/audit/"
>  # Try to connect, and connection will fail:
> {code:java}
> [root@c1 ~]# cqlsh
> Connection error: ('Unable to connect to any servers', {'127.0.0.1:9042': 
> AuthenticationFailed('Remote end requires authentication',)}){code}
>  # *But nothing in auditlogviewer*.
> Connection with incorrect usernames or password logged correct on auditlog , 
> the problem only on connection without username. 
> How it's affecting:
>  # Security reason, hard to find unauthorized connections attempt  .
>  # When migrating cluster into PasswordAuthenticator, hard to find 
> applications that didn't add username/password. 
> Thank you. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

Reply via email to