cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jonathan Ellis (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CASSANDRA-2485) improve authentication log
Date Mon, 08 Oct 2012 15:44:03 GMT

     [ https://issues.apache.org/jira/browse/CASSANDRA-2485?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Jonathan Ellis updated CASSANDRA-2485:
--------------------------------------

    Reviewer: yukim
    
> improve authentication log
> --------------------------
>
>                 Key: CASSANDRA-2485
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-2485
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Core
>    Affects Versions: 0.7.4
>         Environment: linux
>            Reporter: Shotaro Kamio
>            Assignee: Dave Brosius
>             Fix For: 1.2.0 beta 2
>
>         Attachments: 2485.txt
>
>
> Cassandra should have better authentication log when authenticator is used. At least
in login failure, the log should contain login failure message and its reason.
> What we have now is DEBUG log in org.apache.cassandra.service.ClientState.
> I think there are 5 cases to be logged:
> 1. Login failure (No credential is given)
> 2. Login failure (Unknown user)
> 3. Login failure (Valid user, but wrong password)
> 4. Invalid request (Valid user, but no permission for the operation)
> 5. Login success
> Followings are current logs and problems.
> 1. Login failure (No credential is given)
> Client will get InvalidRequestException in this case. But log on cassandra server is
just as follows:
>  DEBUG [pool-1-thread-1] 2011-04-15 17:59:40,094 ClientState.java (line 91) logged out:
null
> It must be useful if it contains login failure and its reason.
> 2. Login failure (Unknown user)
> I'm not sure what client receives in this case. (pycassa raises AllServersUnavailable
exception.)
> The server log shows ERROR as follows. But I think that it is ERROR for client, but not
for server. The server log should be INFO or WARNING with some detail.
> ERROR [pool-1-thread-3] 2011-04-15 18:00:18,236 Cassandra.java (line 2583) Internal error
processing login
> java.lang.RuntimeException: Unexpected authentication problem
>         at org.apache.cassandra.auth.SimpleAuthenticator.authenticate(SimpleAuthenticator.java:125)
>         at org.apache.cassandra.service.ClientState.login(ClientState.java:82)
>         at org.apache.cassandra.thrift.CassandraServer.login(CassandraServer.java:609)
>         at org.apache.cassandra.thrift.Cassandra$Processor$login.process(Cassandra.java:2577)
>         at org.apache.cassandra.thrift.Cassandra$Processor.process(Cassandra.java:2555)
>         at org.apache.cassandra.thrift.CustomTThreadPoolServer$WorkerProcess.run(CustomTThreadPoolServer.java:206)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
>         at java.lang.Thread.run(Thread.java:662)
> Caused by: AuthenticationException(why:Given password in password mode PLAIN could not
be validated for user jsmith22)
>         at org.apache.cassandra.auth.SimpleAuthenticator.authenticate(SimpleAuthenticator.java:106)
>         ... 8 more
> DEBUG [pool-1-thread-2] 2011-04-15 18:00:18,238 ClientState.java (line 91) logged out:
null
> 3. Login failure (Valid user, but wrong password)
> Client gets AuthenticationException. But server doesn't have any informative log. Just
says "logged out". This log should be INFO or WARNING with user name for debug purpose.
> DEBUG [pool-1-thread-4] 2011-04-15 18:04:02,169 ClientState.java (line 91) logged out:
null
> 4. Invalid request (Valid user, but no permission for the operation)
> The log is the same with the login success case below. Cassandra should logs about no
permission with INFO or WARN level.
> DEBUG [pool-1-thread-3] 2011-04-15 18:11:31,350 ClientState.java (line 84) logged in:
#<User jsmith groups=[]>
> DEBUG [pool-1-thread-3] 2011-04-15 18:11:31,397 ClientState.java (line 91) logged out:
#<User jsmith groups=[]>
> 5. Login success (valid user and password)
> This log is ok because we can choose DEBUG level if we want to log all the success logins.
> DEBUG [pool-1-thread-4] 2011-04-15 18:14:09,451 ClientState.java (line 84) logged in:
#<User jsmith groups=[]>
> DEBUG [pool-1-thread-4] 2011-04-15 18:14:09,494 ClientState.java (line 91) logged out:
#<User jsmith groups=[]>

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message