[ https://issues.apache.org/jira/browse/HADOOP-13693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15587187#comment-15587187 ]
Xiao Chen commented on HADOOP-13693: ------------------------------------ Given Andrew's +1 and Arun/Xiaoyu's positive feedback, I plan to commit this later today. > Remove the message about HTTP OPTIONS in SPNEGO initialization message from > kms audit log > ----------------------------------------------------------------------------------------- > > Key: HADOOP-13693 > URL: https://issues.apache.org/jira/browse/HADOOP-13693 > Project: Hadoop Common > Issue Type: Improvement > Components: kms > Reporter: Xiao Chen > Assignee: Xiao Chen > Priority: Minor > Attachments: HADOOP-13693.01.patch, HADOOP-13693.02.patch > > > For a successful kms operation, kms-audit.log shows an UNAUTHENTICATED > ErrorMsg:'Authentication required' message before the OK messages. This is > expected, and due to the spnego authentication sequence. (Notice method == > {{OPTIONS}}) > {noformat} > 2016-01-31 21:07:04,671 UNAUTHENTICATED RemoteHost:10.0.2.15 Method:OPTIONS > URL:https://quickstart.cloudera:16000/kms/v1/keyversion/ZJfn4lfNXxy068gqEmhxRCFljzoKEKDDR9ZJLO32vqq/_eek?eek_op=decrypt > ErrorMsg:'Authentication required' > 2016-01-31 21:07:04,911 OK[op=DECRYPT_EEK, key=cloudera, user=cloudera, > accessCount=1, interval=0ms] > 2016-01-31 21:07:15,104 OK[op=DECRYPT_EEK, key=cloudera, user=cloudera, > accessCount=1, interval=10193ms] > {noformat} > However, admins/auditors see this and can easily get confused/alerted. We > should make it obvious this is benign. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org