[
https://issues.apache.org/jira/browse/AMBARI-25368?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Myroslav Papirkovskyi resolved AMBARI-25368.
--------------------------------------------
Resolution: Fixed
Merged to branch-2.6.
> CLONE - Ambari audit log shows "null" user when executing an API call as
> admin - Ambari 2.6.2
> ---------------------------------------------------------------------------------------------
>
> Key: AMBARI-25368
> URL: https://issues.apache.org/jira/browse/AMBARI-25368
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.6.2
> Environment: RHEL 7.x
> Reporter: Myroslav Papirkovskyi
> Assignee: Myroslav Papirkovskyi
> Priority: Minor
> Labels: newbie, pull-request-available
> Fix For: 2.6.2
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> When running a simple REST API call from CLI, I could see two entries in
> ambari-audit.log file.
>
> Following is my API call:
> {{curl -k -i -u admin:<passwd> -H "X-Requested-By: ambari" -X GET
> [http://<ambari-host>:8080/api/v1/clusters|http://saurabh-ambari:8080/api/v1/clusters]}}
>
> Following are the 2 entries in ambari-audit.log:
> {quote}2019-04-08T10:19:04.991Z, User(null), RemoteIp(x.x.x.x),
> Operation(User login), Roles(
> ), Status(Failed), Reason(Authentication required), Consecutive
> failures(UNKNOWN USER)
> 2019-04-08T10:19:04.999Z, User(admin), RemoteIp(x.x.x.x), Operation(User
> login), Roles(
> Ambari: Ambari Administrator
> ), Status(Success)
> {quote}
>
> The second line seems to be valid. However, the first line (with the null
> user) shouldn't be there.
> Note: I'm not sure if it helps, but the cluster is Kerberized and Knox isn't
> involved.
>
> Edit: This issue could be seen on both Ambari 2.5.2 and 2.7.3. Also, 2.5.2
> version cluster is Kerberized, the 2.7.3 version is NOT Kerberized.
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
