Details
- Bug
- Status: In Progress
- Resolution: Unresolved
- Correctness
- User Report
Description
Hi,
When making a connection without a username to a Cassandra cluster with PasswordAuthenticator enabled,
the connection fails but is not logged in the audit log.
How to reproduce:
- Enable "authenticator: PasswordAuthenticator" on cluster
- Enable audit : "nodetool enableauditlog"
- Open a new screen and run "auditlogviewer -f <log_location>/audit/"
- Try to connect, and connection will fail:
[root@c1 ~]# cqlsh
Connection error: ('Unable to connect to any servers', {'127.0.0.1:9042': AuthenticationFailed('Remote end requires authentication',)})
- But nothing in auditlogviewer.
Connections with an incorrect username or password are logged correctly in the audit log; the problem occurs only for connections without a username.
How it's affecting:
- Security reasons: it is hard to find unauthorized connection attempts.
- When migrating a cluster to PasswordAuthenticator, it is hard to find applications that didn't add a username/password.
Thank you.