cassandra-commits mailing list archives

From "Shotaro Kamio (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CASSANDRA-2485) improve authentication log
Date Fri, 15 Apr 2011 09:29:05 GMT
improve authentication log
--------------------------

                 Key: CASSANDRA-2485
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-2485
             Project: Cassandra
          Issue Type: Improvement
          Components: Core
    Affects Versions: 0.7.4
         Environment: linux
            Reporter: Shotaro Kamio


Cassandra should have a better authentication log when an authenticator is used. At least on login
failure, the log should contain a login failure message and its reason.
What we have now is a DEBUG log in org.apache.cassandra.service.ClientState.

I think there are 5 cases to be logged:
1. Login failure (No credential is given)
2. Login failure (Unknown user)
3. Login failure (Valid user, but wrong password)
4. Invalid request (Valid user, but no permission for the operation)
5. Login success


The following are the current logs and their problems.

1. Login failure (No credential is given)

The client will get InvalidRequestException in this case, but the log on the Cassandra server is just
as follows:

 DEBUG [pool-1-thread-1] 2011-04-15 17:59:40,094 ClientState.java (line 91) logged out: null

It would be useful if it contained the login failure and its reason.


2. Login failure (Unknown user)

I'm not sure what the client receives in this case. (pycassa raises an AllServersUnavailable exception.)
The server log shows an ERROR as follows, but I think that it is an ERROR for the client, not for
the server. The server log should be INFO or WARNING with some detail.


ERROR [pool-1-thread-3] 2011-04-15 18:00:18,236 Cassandra.java (line 2583) Internal error processing login
java.lang.RuntimeException: Unexpected authentication problem
        at org.apache.cassandra.auth.SimpleAuthenticator.authenticate(SimpleAuthenticator.java:125)
        at org.apache.cassandra.service.ClientState.login(ClientState.java:82)
        at org.apache.cassandra.thrift.CassandraServer.login(CassandraServer.java:609)
        at org.apache.cassandra.thrift.Cassandra$Processor$login.process(Cassandra.java:2577)
        at org.apache.cassandra.thrift.Cassandra$Processor.process(Cassandra.java:2555)
        at org.apache.cassandra.thrift.CustomTThreadPoolServer$WorkerProcess.run(CustomTThreadPoolServer.java:206)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:662)
Caused by: AuthenticationException(why:Given password in password mode PLAIN could not be validated for user jsmith22)
        at org.apache.cassandra.auth.SimpleAuthenticator.authenticate(SimpleAuthenticator.java:106)
        ... 8 more
DEBUG [pool-1-thread-2] 2011-04-15 18:00:18,238 ClientState.java (line 91) logged out: null


3. Login failure (Valid user, but wrong password)

The client gets AuthenticationException, but the server doesn't have any informative log. It just says
"logged out". This log should be INFO or WARNING with the user name for debugging purposes.

DEBUG [pool-1-thread-4] 2011-04-15 18:04:02,169 ClientState.java (line 91) logged out: null


4. Invalid request (Valid user, but no permission for the operation)

The log is the same as in the login success case below. Cassandra should log about the missing permission
at INFO or WARN level.

DEBUG [pool-1-thread-3] 2011-04-15 18:11:31,350 ClientState.java (line 84) logged in: #<User jsmith groups=[]>
DEBUG [pool-1-thread-3] 2011-04-15 18:11:31,397 ClientState.java (line 91) logged out: #<User jsmith groups=[]>


5. Login success (valid user and password)

This log is OK because we can choose DEBUG level if we want to log all the successful logins.

DEBUG [pool-1-thread-4] 2011-04-15 18:14:09,451 ClientState.java (line 84) logged in: #<User jsmith groups=[]>
DEBUG [pool-1-thread-4] 2011-04-15 18:14:09,494 ClientState.java (line 91) logged out: #<User jsmith groups=[]>



--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
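
Added example, not part of the original report or of Cassandra's code: a Python sketch that reduces the server log quoted for each of the five cases to the facts a log monitor could extract, then groups the cases whose logs come out identical. The case labels and function names are illustrative assumptions; the log lines are copied from the report with hard-wrapped lines rejoined and stack frames omitted.

```python
import re
from collections import defaultdict

# Header of a Cassandra 0.7 log line: LEVEL [thread] timestamp File.java (line N) message
LINE_RE = re.compile(r"^\s*(?P<level>[A-Z]+)\s+\[[^\]]+\]\s+\d{4}-\d{2}-\d{2} "
                     r"\d{2}:\d{2}:\d{2},\d{3}\s+\S+ \(line \d+\)\s+(?P<msg>.*)$")
USER_RE = re.compile(r"#<User (\S+) groups=")
WHY_RE = re.compile(r"AuthenticationException\(why:.*for user (\S+)\)")

# Server log per case, copied from the report above; the dictionary keys are labels added here.
SAMPLES = {
    "1 no credential": "DEBUG [pool-1-thread-1] 2011-04-15 17:59:40,094 ClientState.java (line 91) logged out: null",
    "2 unknown user": (
        "ERROR [pool-1-thread-3] 2011-04-15 18:00:18,236 Cassandra.java (line 2583) Internal error processing login\n"
        "Caused by: AuthenticationException(why:Given password in password mode PLAIN could not be validated for user jsmith22)\n"
        "DEBUG [pool-1-thread-2] 2011-04-15 18:00:18,238 ClientState.java (line 91) logged out: null"),
    "3 wrong password": "DEBUG [pool-1-thread-4] 2011-04-15 18:04:02,169 ClientState.java (line 91) logged out: null",
    "4 no permission": (
        "DEBUG [pool-1-thread-3] 2011-04-15 18:11:31,350 ClientState.java (line 84) logged in: #<User jsmith groups=[]>\n"
        "DEBUG [pool-1-thread-3] 2011-04-15 18:11:31,397 ClientState.java (line 91) logged out: #<User jsmith groups=[]>"),
    "5 login success": (
        "DEBUG [pool-1-thread-4] 2011-04-15 18:14:09,451 ClientState.java (line 84) logged in: #<User jsmith groups=[]>\n"
        "DEBUG [pool-1-thread-4] 2011-04-15 18:14:09,494 ClientState.java (line 91) logged out: #<User jsmith groups=[]>"),
}

def signature(log_text):
    """Reduce a log excerpt to the (event, detail) facts a monitor can extract from it."""
    events = []
    for line in log_text.splitlines():
        header, why = LINE_RE.match(line), WHY_RE.search(line)
        if why:  # cause line printed under a stack trace, carries the user name
            events.append(("auth_failed", why.group(1)))
        elif header:
            msg, user = header["msg"], USER_RE.search(header["msg"])
            if msg.startswith(("logged in:", "logged out:")):
                events.append((msg.split(":")[0], user.group(1) if user else None))
            elif header["level"] in ("WARN", "ERROR"):
                events.append((header["level"], msg))
    return tuple(events)  # timestamps and thread names are dropped on purpose

def indistinguishable(samples):
    """Return groups of case names whose logs reduce to the same signature."""
    groups = defaultdict(list)
    for name, text in samples.items():
        groups[signature(text)].append(name)
    return [names for names in groups.values() if len(names) > 1]

if __name__ == "__main__":
    print(indistinguishable(SAMPLES))
```

Cases 1 and 3 collapse to a lone `logged out: null`, and cases 4 and 5 to the same login/logout pair, so a monitor reading these logs cannot separate a missing credential from a wrong password, or a denied operation from a normal session.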
