[ https://issues.apache.org/jira/browse/CASSANDRA-18420?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17720206#comment-17720206 ]

Brandon Williams commented on CASSANDRA-18420:
----------------------------------------------

I have asked myself that question too, given how much trouble this seems to be. 
 But I think the reason this ticket was opened has a valid point:

bq. When migrating a cluster to PasswordAuthenticator, it is hard to find 
applications that didn't add a username/password.

There's currently no indication whatsoever if you have a misconfigured 
application and I can see how if you have a lot of apps this could be difficult 
to track down.

bq.  so it will be impossible to differentiate intentional vs unintentional 
disconnections at that (or any other) stage.

That's true, but I think to get this far they have to be a legit client and 
unintentional disconnects right at that point should be pretty uncommon?

> Connection without username not logged in auditlog 
> ---------------------------------------------------
>
>                 Key: CASSANDRA-18420
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-18420
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Tool/auditlogging
>            Reporter: Yakir Gibraltar
>            Assignee: Ningzi Zhan
>            Priority: Normal
>             Fix For: 4.0.x, 4.1.x, 5.x
>
>
> Hi,
> If making a connection *without a username* to a Cassandra cluster with 
> PasswordAuthenticator enabled, 
> the connection will fail but is not logged in the audit log.
> How to reproduce:
>  # Enable "authenticator: PasswordAuthenticator" on cluster
>  # Enable audit : "nodetool enableauditlog"
>  # Open a new screen and run "auditlogviewer -f <log_location>/audit/"
>  # Try to connect, and connection will fail:
> {code:java}
> [root@c1 ~]# cqlsh
> Connection error: ('Unable to connect to any servers', {'127.0.0.1:9042': 
> AuthenticationFailed('Remote end requires authentication',)}){code}
>  # *But nothing in auditlogviewer*.
> Connections with an incorrect username or password are logged correctly in the audit log; 
> the problem is only with connections without a username. 
> How it's affecting:
>  # Security reasons: it is hard to find unauthorized connection attempts.
>  # When migrating a cluster to PasswordAuthenticator, it is hard to find 
> applications that didn't add a username/password. 
> Thank you. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
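The point Brandon makes about "a legit client" getting "this far", and the reporter's repro, both hinge on the same step of the CQL native protocol: after the client's STARTUP frame, a node running PasswordAuthenticator answers with AUTHENTICATE rather than READY, and a client with no credentials configured has nothing to send back, so it drops the connection (cqlsh reports this as "Remote end requires authentication"). The script below, added here as an illustration and not code from Cassandra or from the ticket, encodes and decodes the protocol v4 frames involved so the exchange can be inspected offline; `attempt_login` runs the same exchange against a live node. The host, port and credentials are placeholders, and `fake_authenticate_reply` is a constructed server response, not captured traffic.

```python
import socket
import struct

# CQL binary protocol v4 constants (from the public protocol spec).
PROTOCOL_VERSION = 0x04          # request frames; responses carry 0x84
OP_ERROR = 0x00
OP_STARTUP = 0x01
OP_READY = 0x02
OP_AUTHENTICATE = 0x03
OP_AUTH_RESPONSE = 0x0F
OP_AUTH_SUCCESS = 0x10
HEADER = struct.Struct(">BBhBi")  # version, flags, stream id, opcode, body length


def cql_string(text):
    raw = text.encode("utf-8")
    return struct.pack(">H", len(raw)) + raw


def cql_string_map(mapping):
    out = struct.pack(">H", len(mapping))
    for key, value in mapping.items():
        out += cql_string(key) + cql_string(value)
    return out


def cql_bytes(raw):
    return struct.pack(">i", len(raw)) + raw


def build_frame(opcode, body=b"", stream=0):
    return HEADER.pack(PROTOCOL_VERSION, 0, stream, opcode, len(body)) + body


def startup_frame():
    # Every client, authenticated or not, opens with STARTUP.
    return build_frame(OP_STARTUP, cql_string_map({"CQL_VERSION": "3.0.0"}))


def auth_response_frame(username, password):
    # PasswordAuthenticator expects a SASL PLAIN token: \0user\0password.
    token = b"\x00" + username.encode("utf-8") + b"\x00" + password.encode("utf-8")
    return build_frame(OP_AUTH_RESPONSE, cql_bytes(token))


def parse_frame(data):
    version, flags, stream, opcode, length = HEADER.unpack(data[:HEADER.size])
    body = data[HEADER.size:HEADER.size + length]
    if len(body) != length:
        raise ValueError("truncated frame")
    return {"response": bool(version & 0x80), "stream": stream,
            "opcode": opcode, "body": body}


def parse_authenticate_body(body):
    # AUTHENTICATE body is a single [string]: the server's authenticator class.
    (length,) = struct.unpack(">H", body[:2])
    return body[2:2 + length].decode("utf-8")


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk
    return buf


def recv_frame(sock):
    header = _recv_exact(sock, HEADER.size)
    length = HEADER.unpack(header)[4]
    return parse_frame(header + _recv_exact(sock, length))


def classify_startup_reply(reply, have_credentials):
    """What a client should do after STARTUP.

    'ready'             - the node does not require authentication
    'needs_credentials' - node sent AUTHENTICATE, client has nothing to send;
                          the client disconnects here (the case in the ticket)
    'can_authenticate'  - node sent AUTHENTICATE and credentials are available
    'error'             - anything else (e.g. an ERROR frame)
    """
    if reply["opcode"] == OP_READY:
        return "ready"
    if reply["opcode"] == OP_AUTHENTICATE:
        return "can_authenticate" if have_credentials else "needs_credentials"
    return "error"


def attempt_login(host, port=9042, credentials=None, timeout=5.0):
    """Run the exchange against a live node (placeholder host/port; not run offline)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(startup_frame())
        reply = recv_frame(sock)
        outcome = classify_startup_reply(reply, credentials is not None)
        if outcome != "can_authenticate":
            return outcome, None          # 'needs_credentials': we simply hang up
        authenticator = parse_authenticate_body(reply["body"])
        sock.sendall(auth_response_frame(*credentials))
        final = recv_frame(sock)
        verdict = "auth_success" if final["opcode"] == OP_AUTH_SUCCESS else "auth_error"
        return verdict, authenticator


def fake_authenticate_reply():
    """Constructed AUTHENTICATE response (not captured traffic) for offline inspection."""
    body = cql_string("org.apache.cassandra.auth.PasswordAuthenticator")
    return HEADER.pack(PROTOCOL_VERSION | 0x80, 0, 0, OP_AUTHENTICATE, len(body)) + body
```

Against a node with PasswordAuthenticator, `attempt_login("node1.example", credentials=None)` returns `("needs_credentials", None)` after a single STARTUP/AUTHENTICATE round trip and closes the socket; that is the disconnection the ticket reports as absent from the audit log, while `attempt_login("node1.example", credentials=("app", "wrong"))` goes one step further and triggers the AUTH_RESPONSE that is logged.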
