[
https://issues.apache.org/jira/browse/CASSANDRA-18420?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17720173#comment-17720173
]
Sam Tunnicliffe commented on CASSANDRA-18420:
---------------------------------------------
Is that really something worth tracking? It's not a definite action like
supplying incorrect credentials, so it will be impossible to differentiate
intentional vs unintentional disconnections at that (or any other) stage.
> Connection without username not logged in auditlog
> ---------------------------------------------------
>
> Key: CASSANDRA-18420
> URL: https://issues.apache.org/jira/browse/CASSANDRA-18420
> Project: Cassandra
> Issue Type: Bug
> Components: Tool/auditlogging
> Reporter: Yakir Gibraltar
> Assignee: Ningzi Zhan
> Priority: Normal
> Fix For: 4.0.x, 4.1.x, 5.x
>
>
> Hi,
> When making a connection *without a username* to a Cassandra cluster with
> PasswordAuthenticator enabled,
> the connection will fail but is not logged in the auditlog.
> How to reproduce:
> # Enable "authenticator: PasswordAuthenticator" on cluster
> # Enable audit: "nodetool enableauditlog"
> # Open a new screen and run "auditlogviewer -f <log_location>/audit/"
> # Try to connect, and connection will fail:
> {code:java}
> [root@c1 ~]# cqlsh
> Connection error: ('Unable to connect to any servers', {'127.0.0.1:9042':
> AuthenticationFailed('Remote end requires authentication',)}){code}
> # *But nothing in auditlogviewer*.
> Connections with an incorrect username or password are logged correctly in the auditlog;
> the problem occurs only on connections without a username.
> How it's affecting:
> # Security reasons: hard to find unauthorized connection attempts.
> # When migrating a cluster to PasswordAuthenticator, it is hard to find
> applications that didn't add a username/password.
> Thank you.