[HBASE-26517] Add auth method information to AccessChecker audit log - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Trivial
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.5.0, 3.0.0-alpha-2, 2.4.9
Component/s: security
Labels:
None

Hadoop Flags:

Reviewed

Description

If we turn on audit logging, authentication events are logged with auth method information (e.g. KERBEROS, TOKEN etc) like below.

2021-11-30 14:15:07,417 INFO SecurityLogger.org.apache.hadoop.hbase.Server: Auth successful for PRINCIPAL@REALM (auth:KERBEROS)

However, authorization event logs which are emitted by AccessChecker class don't contain auth method information.

I need this info to filter out audit log lines generated by MapReduce jobs, auth method = TOKEN case.

Attachments

Issue Links

links to

GitHub Pull Request #3897

Activity

People

Assignee:: Tomu Tsuruhara

Reporter:: Tomu Tsuruhara

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 30/Nov/21 05:44

Updated:: 05/Dec/21 22:56

Resolved:: 04/Dec/21 15:24