Myroslav Papirkovskyi created AMBARI-25368:
----------------------------------------------
Summary: CLONE - Ambari audit log shows "null" user when executing
an API call as admin - Ambari 2.6.2
Key: AMBARI-25368
URL: https://issues.apache.org/jira/browse/AMBARI-25368
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 2.5.2, 2.7.3
Environment: RHEL 7.x
Reporter: Myroslav Papirkovskyi
Assignee: Krisztian Kasa
Fix For: 2.7.4
When running a simple REST API call from CLI, I could see two entries in
ambari-audit.log file.
Following is my API call:
{{curl -k -i -u admin:<passwd> -H "X-Requested-By: ambari" -X GET
[http://<ambari-host>:8080/api/v1/clusters|http://saurabh-ambari:8080/api/v1/clusters]}}
Following are the 2 entries in ambari-audit.log:
{quote}2019-04-08T10:19:04.991Z, User(null), RemoteIp(x.x.x.x), Operation(User
login), Roles(
), Status(Failed), Reason(Authentication required), Consecutive
failures(UNKNOWN USER)
2019-04-08T10:19:04.999Z, User(admin), RemoteIp(x.x.x.x), Operation(User
login), Roles(
Ambari: Ambari Administrator
), Status(Success)
{quote}
The second line seems to be valid. However, the first line (with the null user)
shouldn't be there.
Note: I'm not sure if it helps, but the cluster is Kerberized and Knox isn't
involved.
Edit: This issue could be seen on both Ambari 2.5.2 and 2.7.3. Also, 2.5.2
version cluster is Kerberized, the 2.7.3 version is NOT Kerberized.
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
