[
https://issues.apache.org/jira/browse/CASSANDRA-2485?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dave Brosius updated CASSANDRA-2485:
------------------------------------
Attachment: 2485_b.txt
> improve authentication log
> --------------------------
>
> Key: CASSANDRA-2485
> URL: https://issues.apache.org/jira/browse/CASSANDRA-2485
> Project: Cassandra
> Issue Type: Improvement
> Components: Core
> Affects Versions: 0.7.4
> Environment: linux
> Reporter: Shotaro Kamio
> Assignee: Dave Brosius
> Fix For: 1.2.0 beta 2
>
> Attachments: 2485_b.txt, 2485.txt
>
>
> Cassandra should have better authentication log when authenticator is used.
> At least in login failure, the log should contain login failure message and
> its reason.
> What we have now is DEBUG log in org.apache.cassandra.service.ClientState.
> I think there are 5 cases to be logged:
> 1. Login failure (No credential is given)
> 2. Login failure (Unknown user)
> 3. Login failure (Valid user, but wrong password)
> 4. Invalid request (Valid user, but no permission for the operation)
> 5. Login success
> Followings are current logs and problems.
> 1. Login failure (No credential is given)
> Client will get InvalidRequestException in this case. But log on cassandra
> server is just as follows:
> DEBUG [pool-1-thread-1] 2011-04-15 17:59:40,094 ClientState.java (line 91)
> logged out: null
> It must be useful if it contains login failure and its reason.
> 2. Login failure (Unknown user)
> I'm not sure what client receives in this case. (pycassa raises
> AllServersUnavailable exception.)
> The server log shows ERROR as follows. But I think that it is ERROR for
> client, but not for server. The server log should be INFO or WARNING with
> some detail.
> ERROR [pool-1-thread-3] 2011-04-15 18:00:18,236 Cassandra.java (line 2583)
> Internal error processing login
> java.lang.RuntimeException: Unexpected authentication problem
> at
> org.apache.cassandra.auth.SimpleAuthenticator.authenticate(SimpleAuthenticator.java:125)
> at org.apache.cassandra.service.ClientState.login(ClientState.java:82)
> at
> org.apache.cassandra.thrift.CassandraServer.login(CassandraServer.java:609)
> at
> org.apache.cassandra.thrift.Cassandra$Processor$login.process(Cassandra.java:2577)
> at
> org.apache.cassandra.thrift.Cassandra$Processor.process(Cassandra.java:2555)
> at
> org.apache.cassandra.thrift.CustomTThreadPoolServer$WorkerProcess.run(CustomTThreadPoolServer.java:206)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
> at java.lang.Thread.run(Thread.java:662)
> Caused by: AuthenticationException(why:Given password in password mode PLAIN
> could not be validated for user jsmith22)
> at
> org.apache.cassandra.auth.SimpleAuthenticator.authenticate(SimpleAuthenticator.java:106)
> ... 8 more
> DEBUG [pool-1-thread-2] 2011-04-15 18:00:18,238 ClientState.java (line 91)
> logged out: null
> 3. Login failure (Valid user, but wrong password)
> Client gets AuthenticationException. But server doesn't have any informative
> log. Just says "logged out". This log should be INFO or WARNING with user
> name for debug purpose.
> DEBUG [pool-1-thread-4] 2011-04-15 18:04:02,169 ClientState.java (line 91)
> logged out: null
> 4. Invalid request (Valid user, but no permission for the operation)
> The log is the same with the login success case below. Cassandra should logs
> about no permission with INFO or WARN level.
> DEBUG [pool-1-thread-3] 2011-04-15 18:11:31,350 ClientState.java (line 84)
> logged in: #<User jsmith groups=[]>
> DEBUG [pool-1-thread-3] 2011-04-15 18:11:31,397 ClientState.java (line 91)
> logged out: #<User jsmith groups=[]>
> 5. Login success (valid user and password)
> This log is ok because we can choose DEBUG level if we want to log all the
> success logins.
> DEBUG [pool-1-thread-4] 2011-04-15 18:14:09,451 ClientState.java (line 84)
> logged in: #<User jsmith groups=[]>
> DEBUG [pool-1-thread-4] 2011-04-15 18:14:09,494 ClientState.java (line 91)
> logged out: #<User jsmith groups=[]>
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
