zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Zhou (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ZOOKEEPER-2649) The ZooKeeper do not write in log session ID in which the client has been authenticated.
Date Tue, 20 Dec 2016 08:22:58 GMT

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-2649?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15763608#comment-15763608
] 

Alex Zhou commented on ZOOKEEPER-2649:
--------------------------------------

Hi,
I just expect to find session ID in log record about successfull authentication. Without it,
I can only find out which session data has been changed and that session was opened for client
from some IP.
So it would be great:
{quote}
2016-12-09 15:46:34,808 [myid:] - INFO  [SyncThread:0:ZooKeeperServer@673] - Established session
0x158e39a0a960001 with negotiated timeout 30000 for client /0:0:0:0:0:0:0:1:52626
2016-12-09 15:46:34,838 [myid:] - INFO  [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:SaslServerCallbackHandler@118]
- Successfully authenticated client: authenticationID=bob;  authorizationID=bob.
2016-12-09 15:46:34,848 [myid:] - INFO  [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:SaslServerCallbackHandler@134]
- Setting authorizedID: bob
2016-12-09 15:46:34,848 [myid:] - INFO  [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@1024]
- {color:red}Session 0x158e39a0a960001:{color} adding SASL authorization for authorizationID=bob

2016-12-13 10:52:54,915 [myid:] - INFO  [SyncThread:0:ZooKeeperServer@673] - Established session
0x158f72acaed0001 with negotiated timeout 30000 for client /172.20.97.175:52217
2016-12-13 10:52:55,070 [myid:] - INFO  [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:SaslServerCallbackHandler@118]
- Successfully authenticated client: authenticationID=ufm@BILLAB.RU;  authorizationID=ufm@BILLAB.RU.
2016-12-13 10:52:55,075 [myid:] - INFO  [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:SaslServerCallbackHandler@134]
- Setting authorizedID: ufm@BILLAB.RU
2016-12-13 10:52:55,075 [myid:] - INFO  [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@1024]
- {color:red}Session 0x158f72acaed0001:{color} adding SASL authorization for authorizationID=ufm@BILLAB.RU

2016-12-19 17:43:01,395 [myid:] - INFO  [SyncThread:0:ZooKeeperServer@673] - Established session
0x158fd72521f0000 with negotiated timeout 30000 for client /172.20.97.175:57633
2016-12-19 17:45:53,497 [myid:] - INFO  [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@952]
- {color:red}Session 0x158fd72521f0000:{color} got auth packet /172.20.97.175:57633
2016-12-19 17:45:53,508 [myid:] - INFO  [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@986]
- {color:red}Session 0x158fd72521f0000:{color} auth success {color:red}for authorizationID=ann{color}/172.20.97.175:57633
{quote}

Apparently it would be also great to see the session ID in the log records about unsuccessful
authentication.  As well as authenticationID in the records about digest authentications ('auth
success').

> The ZooKeeper do not write in log session ID in which the client has been authenticated.
> ----------------------------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-2649
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2649
>             Project: ZooKeeper
>          Issue Type: Improvement
>          Components: quorum
>    Affects Versions: 3.4.9, 3.5.2
>            Reporter: Alex Zhou
>            Priority: Trivial
>             Fix For: 3.4.10, 3.5.3, 3.6.0
>
>
> The ZooKeeper do not write in log session ID in which the client has been authenticated.
This occurs for digest and for SASL authentications:
> bq. 2016-12-09 15:46:34,808 [myid:] - INFO  [SyncThread:0:ZooKeeperServer@673] - Established
session 0x158e39a0a960001 with negotiated timeout 30000 for client /0:0:0:0:0:0:0:1:52626
> bq. 2016-12-09 15:46:34,838 [myid:] - INFO  [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:SaslServerCallbackHandler@118]
- Successfully authenticated client: authenticationID=bob;  authorizationID=bob.
> bq. 2016-12-09 15:46:34,848 [myid:] - INFO  [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:SaslServerCallbackHandler@134]
- Setting authorizedID: bob
> bq. 2016-12-09 15:46:34,848 [myid:] - INFO  [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@1024]
- adding SASL authorization for authorizationID: bob
> bq. 2016-12-13 10:52:54,915 [myid:] - INFO  [SyncThread:0:ZooKeeperServer@673] - Established
session 0x158f72acaed0001 with negotiated timeout 30000 for client /172.20.97.175:52217
> bq. 2016-12-13 10:52:55,070 [myid:] - INFO  [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:SaslServerCallbackHandler@118]
- Successfully authenticated client: authenticationID=ufm@BILLAB.RU;  authorizationID=ufm@BILLAB.RU.
> bq. 2016-12-13 10:52:55,075 [myid:] - INFO  [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:SaslServerCallbackHandler@134]
- Setting authorizedID: ufm@BILLAB.RU
> bq. 2016-12-13 10:52:55,075 [myid:] - INFO  [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@1024]
- adding SASL authorization for authorizationID: ufm@BILLAB.RU
> bq. 2016-12-19 17:43:01,395 [myid:] - INFO  [SyncThread:0:ZooKeeperServer@673] - Established
session 0x158fd72521f0000 with negotiated timeout 30000 for client /172.20.97.175:57633
> bq. 2016-12-19 17:45:53,497 [myid:] - INFO  [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@952]
- got auth packet /172.20.97.175:57633
> bq. 2016-12-19 17:45:53,508 [myid:] - INFO  [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@986]
- auth success /172.20.97.175:57633
> So, it is difficult to determine which client made changes.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message