You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Boris Shkolnik (JIRA)" <ji...@apache.org> on 2010/02/22 07:16:27 UTC
[jira] Created: (HADOOP-6586) Log authentication and authorization
failures and successes
Log authentication and authorization failures and successes
-----------------------------------------------------------
Key: HADOOP-6586
URL: https://issues.apache.org/jira/browse/HADOOP-6586
Project: Hadoop Common
Issue Type: New Feature
Reporter: Boris Shkolnik
This jira will cover RPC authentication and SL authorizations logging.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (HADOOP-6586) Log authentication and authorization
failures and successes
Posted by "Boris Shkolnik (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6586?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Boris Shkolnik updated HADOOP-6586:
-----------------------------------
Resolution: Fixed
Status: Resolved (was: Patch Available)
> Log authentication and authorization failures and successes
> -----------------------------------------------------------
>
> Key: HADOOP-6586
> URL: https://issues.apache.org/jira/browse/HADOOP-6586
> Project: Hadoop Common
> Issue Type: New Feature
> Reporter: Boris Shkolnik
> Assignee: Boris Shkolnik
> Attachments: HADOOP-6586-3.patch, HADOOP-6586-4.patch, HADOOP-6586-5.patch, HADOOP-6586-7.patch, HADOOP-6586-8.patch, HADOOP-6586.patch
>
>
> This jira will cover RPC authentication and SL authorizations logging.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HADOOP-6586) Log authentication and
authorization failures and successes
Posted by "Allen Wittenauer (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12839066#action_12839066 ]
Allen Wittenauer commented on HADOOP-6586:
------------------------------------------
That's pretty awful to parse if I want to do a security audit.
Do the two lines actually signify the same connection was successful in two different parts of the stack?
What does failed look like?
> Log authentication and authorization failures and successes
> -----------------------------------------------------------
>
> Key: HADOOP-6586
> URL: https://issues.apache.org/jira/browse/HADOOP-6586
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Boris Shkolnik
> Assignee: Boris Shkolnik
> Fix For: 0.22.0
>
> Attachments: HADOOP-6586-3.patch, HADOOP-6586-4.patch, HADOOP-6586-5.patch, HADOOP-6586-7.patch, HADOOP-6586-8.patch, HADOOP-6586.patch
>
>
> This jira will cover RPC authentication and SL authorizations logging.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (HADOOP-6586) Log authentication and authorization
failures and successes
Posted by "Boris Shkolnik (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6586?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Boris Shkolnik updated HADOOP-6586:
-----------------------------------
Attachment: HADOOP-6586.patch
preliminary patch for discussion.
> Log authentication and authorization failures and successes
> -----------------------------------------------------------
>
> Key: HADOOP-6586
> URL: https://issues.apache.org/jira/browse/HADOOP-6586
> Project: Hadoop Common
> Issue Type: New Feature
> Reporter: Boris Shkolnik
> Attachments: HADOOP-6586.patch
>
>
> This jira will cover RPC authentication and SL authorizations logging.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (HADOOP-6586) Log authentication and authorization
failures and successes
Posted by "Boris Shkolnik (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6586?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Boris Shkolnik updated HADOOP-6586:
-----------------------------------
Attachment: HADOOP-6586-5.patch
added Connection member to the Handle, to be able to record attempting user.
> Log authentication and authorization failures and successes
> -----------------------------------------------------------
>
> Key: HADOOP-6586
> URL: https://issues.apache.org/jira/browse/HADOOP-6586
> Project: Hadoop Common
> Issue Type: New Feature
> Reporter: Boris Shkolnik
> Assignee: Boris Shkolnik
> Attachments: HADOOP-6586-3.patch, HADOOP-6586-4.patch, HADOOP-6586-5.patch, HADOOP-6586.patch
>
>
> This jira will cover RPC authentication and SL authorizations logging.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (HADOOP-6586) Log authentication and authorization
failures and successes
Posted by "Boris Shkolnik (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6586?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Boris Shkolnik updated HADOOP-6586:
-----------------------------------
Attachment: HADOOP-6586-8-BP20.patch
HADOOP-6586-8-BP20.patch - for previous version. Not for commit
> Log authentication and authorization failures and successes
> -----------------------------------------------------------
>
> Key: HADOOP-6586
> URL: https://issues.apache.org/jira/browse/HADOOP-6586
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Boris Shkolnik
> Assignee: Boris Shkolnik
> Fix For: 0.22.0
>
> Attachments: HADOOP-6586-3.patch, HADOOP-6586-4.patch, HADOOP-6586-5.patch, HADOOP-6586-7.patch, HADOOP-6586-8-BP20.patch, HADOOP-6586-8.patch, HADOOP-6586.patch
>
>
> This jira will cover RPC authentication and SL authorizations logging.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (HADOOP-6586) Log authentication and authorization
failures and successes
Posted by "Boris Shkolnik (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6586?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Boris Shkolnik updated HADOOP-6586:
-----------------------------------
Status: Patch Available (was: Open)
> Log authentication and authorization failures and successes
> -----------------------------------------------------------
>
> Key: HADOOP-6586
> URL: https://issues.apache.org/jira/browse/HADOOP-6586
> Project: Hadoop Common
> Issue Type: New Feature
> Reporter: Boris Shkolnik
> Assignee: Boris Shkolnik
> Attachments: HADOOP-6586-3.patch, HADOOP-6586-4.patch, HADOOP-6586-5.patch, HADOOP-6586-7.patch, HADOOP-6586.patch
>
>
> This jira will cover RPC authentication and SL authorizations logging.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HADOOP-6586) Log authentication and
authorization failures and successes
Posted by "Kan Zhang (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12838682#action_12838682 ]
Kan Zhang commented on HADOOP-6586:
-----------------------------------
you don't want to catch the exception thrown by tokenIdentifier.getUser() and swallow it.
> Log authentication and authorization failures and successes
> -----------------------------------------------------------
>
> Key: HADOOP-6586
> URL: https://issues.apache.org/jira/browse/HADOOP-6586
> Project: Hadoop Common
> Issue Type: New Feature
> Reporter: Boris Shkolnik
> Assignee: Boris Shkolnik
> Attachments: HADOOP-6586-3.patch, HADOOP-6586-4.patch, HADOOP-6586-5.patch, HADOOP-6586-7.patch, HADOOP-6586.patch
>
>
> This jira will cover RPC authentication and SL authorizations logging.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HADOOP-6586) Log authentication and
authorization failures and successes
Posted by "Allen Wittenauer (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12838917#action_12838917 ]
Allen Wittenauer commented on HADOOP-6586:
------------------------------------------
Can we see some sample output please? Again, I stress: this log needs to be separate-able and parse-able similar to the audit log.
> Log authentication and authorization failures and successes
> -----------------------------------------------------------
>
> Key: HADOOP-6586
> URL: https://issues.apache.org/jira/browse/HADOOP-6586
> Project: Hadoop Common
> Issue Type: New Feature
> Reporter: Boris Shkolnik
> Assignee: Boris Shkolnik
> Attachments: HADOOP-6586-3.patch, HADOOP-6586-4.patch, HADOOP-6586-5.patch, HADOOP-6586-7.patch, HADOOP-6586.patch
>
>
> This jira will cover RPC authentication and SL authorizations logging.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (HADOOP-6586) Log authentication and authorization
failures and successes
Posted by "Boris Shkolnik (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6586?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Boris Shkolnik updated HADOOP-6586:
-----------------------------------
Attachment: HADOOP-6586-7.patch
merged with trunk
> Log authentication and authorization failures and successes
> -----------------------------------------------------------
>
> Key: HADOOP-6586
> URL: https://issues.apache.org/jira/browse/HADOOP-6586
> Project: Hadoop Common
> Issue Type: New Feature
> Reporter: Boris Shkolnik
> Assignee: Boris Shkolnik
> Attachments: HADOOP-6586-3.patch, HADOOP-6586-4.patch, HADOOP-6586-5.patch, HADOOP-6586-7.patch, HADOOP-6586.patch
>
>
> This jira will cover RPC authentication and SL authorizations logging.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HADOOP-6586) Log authentication and
authorization failures and successes
Posted by "Allen Wittenauer (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12876498#action_12876498 ]
Allen Wittenauer commented on HADOOP-6586:
------------------------------------------
Awesome. Now I can make my "Boris Can't Spell" JIRA.
> Log authentication and authorization failures and successes
> -----------------------------------------------------------
>
> Key: HADOOP-6586
> URL: https://issues.apache.org/jira/browse/HADOOP-6586
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Boris Shkolnik
> Assignee: Boris Shkolnik
> Fix For: 0.22.0
>
> Attachments: HADOOP-6586-3.patch, HADOOP-6586-4.patch, HADOOP-6586-5.patch, HADOOP-6586-7.patch, HADOOP-6586-8-BP20-1.patch, HADOOP-6586-8-BP20.patch, HADOOP-6586-8.patch, HADOOP-6586.patch
>
>
> This jira will cover RPC authentication and SL authorizations logging.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HADOOP-6586) Log authentication and
authorization failures and successes
Posted by "Allen Wittenauer (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12836882#action_12836882 ]
Allen Wittenauer commented on HADOOP-6586:
------------------------------------------
Security logging needs to be done similarly to HDFS audit logging. It needs to be easily separate-able and parse-able. It should have a fairly static format so that tools won't break from release to release.
> Log authentication and authorization failures and successes
> -----------------------------------------------------------
>
> Key: HADOOP-6586
> URL: https://issues.apache.org/jira/browse/HADOOP-6586
> Project: Hadoop Common
> Issue Type: New Feature
> Reporter: Boris Shkolnik
> Attachments: HADOOP-6586.patch
>
>
> This jira will cover RPC authentication and SL authorizations logging.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (HADOOP-6586) Log authentication and authorization
failures and successes
Posted by "Boris Shkolnik (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6586?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Boris Shkolnik updated HADOOP-6586:
-----------------------------------
Hadoop Flags: [Reviewed]
> Log authentication and authorization failures and successes
> -----------------------------------------------------------
>
> Key: HADOOP-6586
> URL: https://issues.apache.org/jira/browse/HADOOP-6586
> Project: Hadoop Common
> Issue Type: New Feature
> Reporter: Boris Shkolnik
> Assignee: Boris Shkolnik
> Attachments: HADOOP-6586-3.patch, HADOOP-6586-4.patch, HADOOP-6586-5.patch, HADOOP-6586-7.patch, HADOOP-6586-8.patch, HADOOP-6586.patch
>
>
> This jira will cover RPC authentication and SL authorizations logging.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HADOOP-6586) Log authentication and
authorization failures and successes
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12840609#action_12840609 ]
Hudson commented on HADOOP-6586:
--------------------------------
Integrated in Hadoop-Common-trunk-Commit #193 (See [http://hudson.zones.apache.org/hudson/job/Hadoop-Common-trunk-Commit/193/])
. Log authentication and authorization failures and successes for RPC
> Log authentication and authorization failures and successes
> -----------------------------------------------------------
>
> Key: HADOOP-6586
> URL: https://issues.apache.org/jira/browse/HADOOP-6586
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Boris Shkolnik
> Assignee: Boris Shkolnik
> Fix For: 0.22.0
>
> Attachments: HADOOP-6586-3.patch, HADOOP-6586-4.patch, HADOOP-6586-5.patch, HADOOP-6586-7.patch, HADOOP-6586-8-BP20-1.patch, HADOOP-6586-8-BP20.patch, HADOOP-6586-8.patch, HADOOP-6586.patch
>
>
> This jira will cover RPC authentication and SL authorizations logging.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HADOOP-6586) Log authentication and
authorization failures and successes
Posted by "Kan Zhang (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12838009#action_12838009 ]
Kan Zhang commented on HADOOP-6586:
-----------------------------------
When authentication fails, saslServer.getAuthorizationID() will give you null.
> Log authentication and authorization failures and successes
> -----------------------------------------------------------
>
> Key: HADOOP-6586
> URL: https://issues.apache.org/jira/browse/HADOOP-6586
> Project: Hadoop Common
> Issue Type: New Feature
> Reporter: Boris Shkolnik
> Assignee: Boris Shkolnik
> Attachments: HADOOP-6586-3.patch, HADOOP-6586.patch
>
>
> This jira will cover RPC authentication and SL authorizations logging.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (HADOOP-6586) Log authentication and authorization
failures and successes
Posted by "Chris Douglas (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6586?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Chris Douglas resolved HADOOP-6586.
-----------------------------------
Resolution: Fixed
Setting resolution to fixed, as the patch was committed and not reverted.
> Log authentication and authorization failures and successes
> -----------------------------------------------------------
>
> Key: HADOOP-6586
> URL: https://issues.apache.org/jira/browse/HADOOP-6586
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Boris Shkolnik
> Assignee: Boris Shkolnik
> Fix For: 0.22.0
>
> Attachments: HADOOP-6586-3.patch, HADOOP-6586-4.patch, HADOOP-6586-5.patch, HADOOP-6586-7.patch, HADOOP-6586-8-BP20-1.patch, HADOOP-6586-8-BP20.patch, HADOOP-6586-8.patch, HADOOP-6586.patch
>
>
> This jira will cover RPC authentication and SL authorizations logging.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HADOOP-6586) Log authentication and
authorization failures and successes
Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12838749#action_12838749 ]
Hadoop QA commented on HADOOP-6586:
-----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12437091/HADOOP-6586-7.patch
against trunk revision 916529.
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 3 new or modified tests.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
-1 findbugs. The patch appears to introduce 1 new Findbugs warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
+1 core tests. The patch passed core unit tests.
+1 contrib tests. The patch passed contrib unit tests.
Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/390/testReport/
Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/390/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/390/artifact/trunk/build/test/checkstyle-errors.html
Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/390/console
This message is automatically generated.
> Log authentication and authorization failures and successes
> -----------------------------------------------------------
>
> Key: HADOOP-6586
> URL: https://issues.apache.org/jira/browse/HADOOP-6586
> Project: Hadoop Common
> Issue Type: New Feature
> Reporter: Boris Shkolnik
> Assignee: Boris Shkolnik
> Attachments: HADOOP-6586-3.patch, HADOOP-6586-4.patch, HADOOP-6586-5.patch, HADOOP-6586-7.patch, HADOOP-6586.patch
>
>
> This jira will cover RPC authentication and SL authorizations logging.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HADOOP-6586) Log authentication and
authorization failures and successes
Posted by "Kan Zhang (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12838010#action_12838010 ]
Kan Zhang commented on HADOOP-6586:
-----------------------------------
Or IllegalStateException.
> Log authentication and authorization failures and successes
> -----------------------------------------------------------
>
> Key: HADOOP-6586
> URL: https://issues.apache.org/jira/browse/HADOOP-6586
> Project: Hadoop Common
> Issue Type: New Feature
> Reporter: Boris Shkolnik
> Assignee: Boris Shkolnik
> Attachments: HADOOP-6586-3.patch, HADOOP-6586.patch
>
>
> This jira will cover RPC authentication and SL authorizations logging.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (HADOOP-6586) Log authentication and authorization
failures and successes
Posted by "Boris Shkolnik (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6586?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Boris Shkolnik reassigned HADOOP-6586:
--------------------------------------
Assignee: Boris Shkolnik
> Log authentication and authorization failures and successes
> -----------------------------------------------------------
>
> Key: HADOOP-6586
> URL: https://issues.apache.org/jira/browse/HADOOP-6586
> Project: Hadoop Common
> Issue Type: New Feature
> Reporter: Boris Shkolnik
> Assignee: Boris Shkolnik
> Attachments: HADOOP-6586-3.patch, HADOOP-6586.patch
>
>
> This jira will cover RPC authentication and SL authorizations logging.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Reopened: (HADOOP-6586) Log authentication and authorization
failures and successes
Posted by "Allen Wittenauer (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6586?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Allen Wittenauer reopened HADOOP-6586:
--------------------------------------
OK, then I'm going to re-open this.
The logging format should be consistent between the two, with proper identifiers in place to say whether this is a user or an internal protocol. Free form text == death here. I'd like to propose the following:
date INFO service: Auth [successful|failed] for [identify] using [protocol=protocolName|user=username]
IIRC, we support user remapping, so identifying which identity is being used for which user would be helpful here.
> Log authentication and authorization failures and successes
> -----------------------------------------------------------
>
> Key: HADOOP-6586
> URL: https://issues.apache.org/jira/browse/HADOOP-6586
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Boris Shkolnik
> Assignee: Boris Shkolnik
> Fix For: 0.22.0
>
> Attachments: HADOOP-6586-3.patch, HADOOP-6586-4.patch, HADOOP-6586-5.patch, HADOOP-6586-7.patch, HADOOP-6586-8.patch, HADOOP-6586.patch
>
>
> This jira will cover RPC authentication and SL authorizations logging.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (HADOOP-6586) Log authentication and authorization
failures and successes
Posted by "Boris Shkolnik (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6586?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Boris Shkolnik updated HADOOP-6586:
-----------------------------------
Attachment: HADOOP-6586-8.patch
addressed Kan's comment.
> Log authentication and authorization failures and successes
> -----------------------------------------------------------
>
> Key: HADOOP-6586
> URL: https://issues.apache.org/jira/browse/HADOOP-6586
> Project: Hadoop Common
> Issue Type: New Feature
> Reporter: Boris Shkolnik
> Assignee: Boris Shkolnik
> Attachments: HADOOP-6586-3.patch, HADOOP-6586-4.patch, HADOOP-6586-5.patch, HADOOP-6586-7.patch, HADOOP-6586-8.patch, HADOOP-6586.patch
>
>
> This jira will cover RPC authentication and SL authorizations logging.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (HADOOP-6586) Log authentication and authorization
failures and successes
Posted by "Allen Wittenauer (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6586?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Allen Wittenauer updated HADOOP-6586:
-------------------------------------
Component/s: security
> Log authentication and authorization failures and successes
> -----------------------------------------------------------
>
> Key: HADOOP-6586
> URL: https://issues.apache.org/jira/browse/HADOOP-6586
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Boris Shkolnik
> Assignee: Boris Shkolnik
> Attachments: HADOOP-6586-3.patch, HADOOP-6586-4.patch, HADOOP-6586-5.patch, HADOOP-6586-7.patch, HADOOP-6586-8.patch, HADOOP-6586.patch
>
>
> This jira will cover RPC authentication and SL authorizations logging.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HADOOP-6586) Log authentication and
authorization failures and successes
Posted by "Boris Shkolnik (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12839060#action_12839060 ]
Boris Shkolnik commented on HADOOP-6586:
----------------------------------------
No, but now I know there is one.
Here is sample of the output:
2010-02-26 09:48:04,997 INFO SecurityLogger.org.apache.hadoop.ipc.Server: Auth successfull for ssl/fake@HADOOP.ORG
2010-02-26 09:48:04,998 INFO SecurityLogger.org.apache.hadoop.security.authorize.ServiceAuthorizationManager: Authorization successfull for ssl/fake@HADOOP.ORG for protocol=interface org.apache.hadoop.hdfs.server.protocol.NamenodeProtocol
If you have a different suggestion - please propose it. I can look into this later.
> Log authentication and authorization failures and successes
> -----------------------------------------------------------
>
> Key: HADOOP-6586
> URL: https://issues.apache.org/jira/browse/HADOOP-6586
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Boris Shkolnik
> Assignee: Boris Shkolnik
> Fix For: 0.22.0
>
> Attachments: HADOOP-6586-3.patch, HADOOP-6586-4.patch, HADOOP-6586-5.patch, HADOOP-6586-7.patch, HADOOP-6586-8.patch, HADOOP-6586.patch
>
>
> This jira will cover RPC authentication and SL authorizations logging.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (HADOOP-6586) Log authentication and authorization
failures and successes
Posted by "Boris Shkolnik (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6586?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Boris Shkolnik updated HADOOP-6586:
-----------------------------------
Attachment: HADOOP-6586-4.patch
good point. On Kan's suggestion changed it to use clients ip:port for logging
(because we don't have any authenticated name in the case of failure).
> Log authentication and authorization failures and successes
> -----------------------------------------------------------
>
> Key: HADOOP-6586
> URL: https://issues.apache.org/jira/browse/HADOOP-6586
> Project: Hadoop Common
> Issue Type: New Feature
> Reporter: Boris Shkolnik
> Assignee: Boris Shkolnik
> Attachments: HADOOP-6586-3.patch, HADOOP-6586-4.patch, HADOOP-6586.patch
>
>
> This jira will cover RPC authentication and SL authorizations logging.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HADOOP-6586) Log authentication and
authorization failures and successes
Posted by "Boris Shkolnik (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12839068#action_12839068 ]
Boris Shkolnik commented on HADOOP-6586:
----------------------------------------
first line is authentication of the user
second line is authorization for a specific protocol
For failure "successful => failed"
> Log authentication and authorization failures and successes
> -----------------------------------------------------------
>
> Key: HADOOP-6586
> URL: https://issues.apache.org/jira/browse/HADOOP-6586
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Boris Shkolnik
> Assignee: Boris Shkolnik
> Fix For: 0.22.0
>
> Attachments: HADOOP-6586-3.patch, HADOOP-6586-4.patch, HADOOP-6586-5.patch, HADOOP-6586-7.patch, HADOOP-6586-8.patch, HADOOP-6586.patch
>
>
> This jira will cover RPC authentication and SL authorizations logging.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HADOOP-6586) Log authentication and
authorization failures and successes
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12839231#action_12839231 ]
Hudson commented on HADOOP-6586:
--------------------------------
Integrated in Hadoop-Common-trunk #262 (See [http://hudson.zones.apache.org/hudson/job/Hadoop-Common-trunk/262/])
. Log authentication and authorization failures and successes for RPC
> Log authentication and authorization failures and successes
> -----------------------------------------------------------
>
> Key: HADOOP-6586
> URL: https://issues.apache.org/jira/browse/HADOOP-6586
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Boris Shkolnik
> Assignee: Boris Shkolnik
> Fix For: 0.22.0
>
> Attachments: HADOOP-6586-3.patch, HADOOP-6586-4.patch, HADOOP-6586-5.patch, HADOOP-6586-7.patch, HADOOP-6586-8-BP20-1.patch, HADOOP-6586-8-BP20.patch, HADOOP-6586-8.patch, HADOOP-6586.patch
>
>
> This jira will cover RPC authentication and SL authorizations logging.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HADOOP-6586) Log authentication and
authorization failures and successes
Posted by "Kan Zhang (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12838686#action_12838686 ]
Kan Zhang commented on HADOOP-6586:
-----------------------------------
otherwise, +1 on the patch.
> Log authentication and authorization failures and successes
> -----------------------------------------------------------
>
> Key: HADOOP-6586
> URL: https://issues.apache.org/jira/browse/HADOOP-6586
> Project: Hadoop Common
> Issue Type: New Feature
> Reporter: Boris Shkolnik
> Assignee: Boris Shkolnik
> Attachments: HADOOP-6586-3.patch, HADOOP-6586-4.patch, HADOOP-6586-5.patch, HADOOP-6586-7.patch, HADOOP-6586.patch
>
>
> This jira will cover RPC authentication and SL authorizations logging.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (HADOOP-6586) Log authentication and authorization
failures and successes
Posted by "Boris Shkolnik (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6586?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Boris Shkolnik updated HADOOP-6586:
-----------------------------------
Attachment: HADOOP-6586-8-BP20-1.patch
merged with branch changes.
> Log authentication and authorization failures and successes
> -----------------------------------------------------------
>
> Key: HADOOP-6586
> URL: https://issues.apache.org/jira/browse/HADOOP-6586
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Boris Shkolnik
> Assignee: Boris Shkolnik
> Fix For: 0.22.0
>
> Attachments: HADOOP-6586-3.patch, HADOOP-6586-4.patch, HADOOP-6586-5.patch, HADOOP-6586-7.patch, HADOOP-6586-8-BP20-1.patch, HADOOP-6586-8-BP20.patch, HADOOP-6586-8.patch, HADOOP-6586.patch
>
>
> This jira will cover RPC authentication and SL authorizations logging.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (HADOOP-6586) Log authentication and authorization
failures and successes
Posted by "Allen Wittenauer (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6586?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Allen Wittenauer updated HADOOP-6586:
-------------------------------------
Fix Version/s: 0.22.0
> Log authentication and authorization failures and successes
> -----------------------------------------------------------
>
> Key: HADOOP-6586
> URL: https://issues.apache.org/jira/browse/HADOOP-6586
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Boris Shkolnik
> Assignee: Boris Shkolnik
> Fix For: 0.22.0
>
> Attachments: HADOOP-6586-3.patch, HADOOP-6586-4.patch, HADOOP-6586-5.patch, HADOOP-6586-7.patch, HADOOP-6586-8.patch, HADOOP-6586.patch
>
>
> This jira will cover RPC authentication and SL authorizations logging.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HADOOP-6586) Log authentication and
authorization failures and successes
Posted by "Allen Wittenauer (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12839006#action_12839006 ]
Allen Wittenauer commented on HADOOP-6586:
------------------------------------------
Is the reason you didn't post output because you have a spelling mistake?
> Log authentication and authorization failures and successes
> -----------------------------------------------------------
>
> Key: HADOOP-6586
> URL: https://issues.apache.org/jira/browse/HADOOP-6586
> Project: Hadoop Common
> Issue Type: New Feature
> Reporter: Boris Shkolnik
> Assignee: Boris Shkolnik
> Attachments: HADOOP-6586-3.patch, HADOOP-6586-4.patch, HADOOP-6586-5.patch, HADOOP-6586-7.patch, HADOOP-6586-8.patch, HADOOP-6586.patch
>
>
> This jira will cover RPC authentication and SL authorizations logging.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (HADOOP-6586) Log authentication and authorization
failures and successes
Posted by "Boris Shkolnik (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6586?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Boris Shkolnik updated HADOOP-6586:
-----------------------------------
Attachment: HADOOP-6586-3.patch
auth logs only in secure mode
Creates a separate log file SecurityAuth.audit (Daily Roll)
I've tested some cases manually.
Not sure about auth fail tests.
> Log authentication and authorization failures and successes
> -----------------------------------------------------------
>
> Key: HADOOP-6586
> URL: https://issues.apache.org/jira/browse/HADOOP-6586
> Project: Hadoop Common
> Issue Type: New Feature
> Reporter: Boris Shkolnik
> Attachments: HADOOP-6586-3.patch, HADOOP-6586.patch
>
>
> This jira will cover RPC authentication and SL authorizations logging.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HADOOP-6586) Log authentication and
authorization failures and successes
Posted by "Amar Kamat (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12843941#action_12843941 ]
Amar Kamat commented on HADOOP-6586:
------------------------------------
Boris,
- If we want to model it as audit log, then should keep the naming consistent with hdfs i.e classname.audit?
- I am working on MAPREDUCE-1543 and I have proposed a mapreduce friendly audit log format. Surely we dont want 2 audit-log formats. Here is my [proposal|https://issues.apache.org/jira/browse/MAPREDUCE-1543?focusedCommentId=12843936&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#action_12843936]. Lets discuss it out. If the commons audit-log format turns out to be different from mapreduce, then there should be some way to distinguish them.
> Log authentication and authorization failures and successes
> -----------------------------------------------------------
>
> Key: HADOOP-6586
> URL: https://issues.apache.org/jira/browse/HADOOP-6586
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Boris Shkolnik
> Assignee: Boris Shkolnik
> Fix For: 0.22.0
>
> Attachments: HADOOP-6586-3.patch, HADOOP-6586-4.patch, HADOOP-6586-5.patch, HADOOP-6586-7.patch, HADOOP-6586-8-BP20-1.patch, HADOOP-6586-8-BP20.patch, HADOOP-6586-8.patch, HADOOP-6586.patch
>
>
> This jira will cover RPC authentication and SL authorizations logging.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HADOOP-6586) Log authentication and
authorization failures and successes
Posted by "Boris Shkolnik (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12838992#action_12838992 ]
Boris Shkolnik commented on HADOOP-6586:
----------------------------------------
commited this.
> Log authentication and authorization failures and successes
> -----------------------------------------------------------
>
> Key: HADOOP-6586
> URL: https://issues.apache.org/jira/browse/HADOOP-6586
> Project: Hadoop Common
> Issue Type: New Feature
> Reporter: Boris Shkolnik
> Assignee: Boris Shkolnik
> Attachments: HADOOP-6586-3.patch, HADOOP-6586-4.patch, HADOOP-6586-5.patch, HADOOP-6586-7.patch, HADOOP-6586-8.patch, HADOOP-6586.patch
>
>
> This jira will cover RPC authentication and SL authorizations logging.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.