[
https://issues.apache.org/jira/browse/ZOOKEEPER-2649?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15763608#comment-15763608
]
Alex Zhou commented on ZOOKEEPER-2649:
--------------------------------------
Hi,
I just expect to find session ID in log record about successfull
authentication. Without it, I can only find out which session data has been
changed and that session was opened for client from some IP.
So it would be great:
{quote}
2016-12-09 15:46:34,808 [myid:] - INFO [SyncThread:0:ZooKeeperServer@673] -
Established session 0x158e39a0a960001 with negotiated timeout 30000 for client
/0:0:0:0:0:0:0:1:52626
2016-12-09 15:46:34,838 [myid:] - INFO
[NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:SaslServerCallbackHandler@118] -
Successfully authenticated client: authenticationID=bob; authorizationID=bob.
2016-12-09 15:46:34,848 [myid:] - INFO
[NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:SaslServerCallbackHandler@134] -
Setting authorizedID: bob
2016-12-09 15:46:34,848 [myid:] - INFO
[NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@1024] -
{color:red}Session 0x158e39a0a960001:{color} adding SASL authorization for
authorizationID=bob
2016-12-13 10:52:54,915 [myid:] - INFO [SyncThread:0:ZooKeeperServer@673] -
Established session 0x158f72acaed0001 with negotiated timeout 30000 for client
/172.20.97.175:52217
2016-12-13 10:52:55,070 [myid:] - INFO
[NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:SaslServerCallbackHandler@118] -
Successfully authenticated client: [email protected];
[email protected].
2016-12-13 10:52:55,075 [myid:] - INFO
[NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:SaslServerCallbackHandler@134] -
Setting authorizedID: [email protected]
2016-12-13 10:52:55,075 [myid:] - INFO
[NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@1024] -
{color:red}Session 0x158f72acaed0001:{color} adding SASL authorization for
[email protected]
2016-12-19 17:43:01,395 [myid:] - INFO [SyncThread:0:ZooKeeperServer@673] -
Established session 0x158fd72521f0000 with negotiated timeout 30000 for client
/172.20.97.175:57633
2016-12-19 17:45:53,497 [myid:] - INFO
[NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@952] -
{color:red}Session 0x158fd72521f0000:{color} got auth packet
/172.20.97.175:57633
2016-12-19 17:45:53,508 [myid:] - INFO
[NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@986] -
{color:red}Session 0x158fd72521f0000:{color} auth success {color:red}for
authorizationID=ann{color}/172.20.97.175:57633
{quote}
Apparently it would be also great to see the session ID in the log records
about unsuccessful authentication. As well as authenticationID in the records
about digest authentications ('auth success').
> The ZooKeeper do not write in log session ID in which the client has been
> authenticated.
> ----------------------------------------------------------------------------------------
>
> Key: ZOOKEEPER-2649
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2649
> Project: ZooKeeper
> Issue Type: Improvement
> Components: quorum
> Affects Versions: 3.4.9, 3.5.2
> Reporter: Alex Zhou
> Priority: Trivial
> Fix For: 3.4.10, 3.5.3, 3.6.0
>
>
> The ZooKeeper do not write in log session ID in which the client has been
> authenticated. This occurs for digest and for SASL authentications:
> bq. 2016-12-09 15:46:34,808 [myid:] - INFO
> [SyncThread:0:ZooKeeperServer@673] - Established session 0x158e39a0a960001
> with negotiated timeout 30000 for client /0:0:0:0:0:0:0:1:52626
> bq. 2016-12-09 15:46:34,838 [myid:] - INFO
> [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:SaslServerCallbackHandler@118] -
> Successfully authenticated client: authenticationID=bob; authorizationID=bob.
> bq. 2016-12-09 15:46:34,848 [myid:] - INFO
> [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:SaslServerCallbackHandler@134] -
> Setting authorizedID: bob
> bq. 2016-12-09 15:46:34,848 [myid:] - INFO
> [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@1024] - adding
> SASL authorization for authorizationID: bob
> bq. 2016-12-13 10:52:54,915 [myid:] - INFO
> [SyncThread:0:ZooKeeperServer@673] - Established session 0x158f72acaed0001
> with negotiated timeout 30000 for client /172.20.97.175:52217
> bq. 2016-12-13 10:52:55,070 [myid:] - INFO
> [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:SaslServerCallbackHandler@118] -
> Successfully authenticated client: [email protected];
> [email protected].
> bq. 2016-12-13 10:52:55,075 [myid:] - INFO
> [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:SaslServerCallbackHandler@134] -
> Setting authorizedID: [email protected]
> bq. 2016-12-13 10:52:55,075 [myid:] - INFO
> [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@1024] - adding
> SASL authorization for authorizationID: [email protected]
> bq. 2016-12-19 17:43:01,395 [myid:] - INFO
> [SyncThread:0:ZooKeeperServer@673] - Established session 0x158fd72521f0000
> with negotiated timeout 30000 for client /172.20.97.175:57633
> bq. 2016-12-19 17:45:53,497 [myid:] - INFO
> [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@952] - got auth
> packet /172.20.97.175:57633
> bq. 2016-12-19 17:45:53,508 [myid:] - INFO
> [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@986] - auth
> success /172.20.97.175:57633
> So, it is difficult to determine which client made changes.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
