[
https://issues.apache.org/jira/browse/AMBARI-25234?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Saurabh Lambe updated AMBARI-25234:
-----------------------------------
Description:
When running a simple REST API call from CLI, I could see two entries in
ambari-audit.log file.
Following is my API call:
{{curl -k -i -u admin:<passwd> -H "X-Requested-By: ambari" -X GET
[http://<ambari-host>:8080/api/v1/clusters|http://saurabh-ambari:8080/api/v1/clusters]}}
Following are the 2 entries in ambari-audit.log:
2019-04-08T10:19:04.991Z, User(null), RemoteIp(x.x.x.x), Operation(User login),
Roles(
), Status(Failed), Reason(Authentication required), Consecutive
failures(UNKNOWN USER)
2019-04-08T10:19:04.999Z, User(admin), RemoteIp(x.x.x.x), Operation(User
login), Roles(
Ambari: Ambari Administrator
), Status(Success)
The second line seems to be valid. However, the first line (with the null user)
shouldn't be there.
was:
When running a simple REST API call from CLI, I could see two entries in
ambari-audit.log file.
Following is my API call:
{{curl -k -i -u admin:<passwd> -H "X-Requested-By: ambari" -X GET
[http://<ambari-host>:8080/api/v1/clusters|http://saurabh-ambari:8080/api/v1/clusters]}}
Following are the 2 entries in ambari-audit.log:
2019-04-08T10:19:04.991Z, User(null), RemoteIp(10.200.4.34), Operation(User
login), Roles(
), Status(Failed), Reason(Authentication required), Consecutive
failures(UNKNOWN USER)
2019-04-08T10:19:04.999Z, User(admin), RemoteIp(10.200.4.34), Operation(User
login), Roles(
Ambari: Ambari Administrator
), Status(Success)
The second line seems to be valid. However, the first line (with the null user)
shouldn't be there.
> Ambari audit log shows "null" user when executing an API call as admin
> ----------------------------------------------------------------------
>
> Key: AMBARI-25234
> URL: https://issues.apache.org/jira/browse/AMBARI-25234
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.7.3
> Environment: RHEL 7.x
> Reporter: Saurabh Lambe
> Priority: Minor
> Labels: newbie
> Fix For: 2.7.4
>
>
> When running a simple REST API call from CLI, I could see two entries in
> ambari-audit.log file.
>
> Following is my API call:
> {{curl -k -i -u admin:<passwd> -H "X-Requested-By: ambari" -X GET
> [http://<ambari-host>:8080/api/v1/clusters|http://saurabh-ambari:8080/api/v1/clusters]}}
>
> Following are the 2 entries in ambari-audit.log:
> 2019-04-08T10:19:04.991Z, User(null), RemoteIp(x.x.x.x), Operation(User
> login), Roles(
> ), Status(Failed), Reason(Authentication required), Consecutive
> failures(UNKNOWN USER)
> 2019-04-08T10:19:04.999Z, User(admin), RemoteIp(x.x.x.x), Operation(User
> login), Roles(
> Ambari: Ambari Administrator
> ), Status(Success)
>
> The second line seems to be valid. However, the first line (with the null
> user) shouldn't be there.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
