Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-13693

Remove the message about HTTP OPTIONS in SPNEGO initialization message from kms audit log

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.0.0-alpha2
    • Component/s: kms
    • Labels:
    • Target Version/s:
    • Hadoop Flags:
      Incompatible change, Reviewed
    • Release Note:
      kms-audit.log used to show an UNAUTHENTICATED message even for successful operations, because of the OPTIONS HTTP request during SPNEGO initial handshake. This message brings more confusion than help, and has hence been removed.

      Description

      For a successful kms operation, kms-audit.log shows an UNAUTHENTICATED ErrorMsg:'Authentication required' message before the OK messages. This is expected, and due to the spnego authentication sequence. (Notice method == OPTIONS)

      2016-01-31 21:07:04,671 UNAUTHENTICATED RemoteHost:10.0.2.15 Method:OPTIONS URL:https://quickstart.cloudera:16000/kms/v1/keyversion/ZJfn4lfNXxy068gqEmhxRCFljzoKEKDDR9ZJLO32vqq/_eek?eek_op=decrypt ErrorMsg:'Authentication required'
      2016-01-31 21:07:04,911 OK[op=DECRYPT_EEK, key=cloudera, user=cloudera, accessCount=1, interval=0ms] 
      2016-01-31 21:07:15,104 OK[op=DECRYPT_EEK, key=cloudera, user=cloudera, accessCount=1, interval=10193ms] 
      

      However, admins/auditors see this and can easily get confused/alerted. We should make it obvious this is benign.

        Attachments

        1. HADOOP-13693.01.patch
          1 kB
          Xiao Chen
        2. HADOOP-13693.02.patch
          1 kB
          Xiao Chen

          Issue Links

            Activity

              People

              • Assignee:
                xiaochen Xiao Chen
                Reporter:
                xiaochen Xiao Chen
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: