hadoop-hdfs-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Xiao Chen <x...@cloudera.com>
Subject Why aren't delegation token operations audit logged?
Date Mon, 14 Aug 2017 18:52:04 GMT
Hello,

When inspecting the code, I found that the following methods in
FSNamesystem are not audit logged:

   - getDelegationToken
   - renewDelegationToken
   - cancelDelegationToken

The audit log itself does have a logTokenTrackingId
<https://github.com/apache/hadoop/blob/branch-3.0.0-alpha4/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java#L7432>
field
to additionally log some details when a token is used for authentication.
But why aren't the token operations themselves audit logged?

I checked with ATM hoping for some history, but no known to him. Anyone
know the reason to not audit log these?

Thanks,
-Xiao

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message