[ https://issues.apache.org/jira/browse/HADOOP-13693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15587311#comment-15587311 ]
Xiao Chen edited comment on HADOOP-13693 at 10/19/16 1:31 AM: -------------------------------------------------------------- Committed to trunk. Thanks Andrew, Xiaoyu and Arun for the review and feedback! was (Author: xiaochen): Committed to trunk. Thanks Andrew, Xiaoyu and Arun for the feedback! > Remove the message about HTTP OPTIONS in SPNEGO initialization message from > kms audit log > ----------------------------------------------------------------------------------------- > > Key: HADOOP-13693 > URL: https://issues.apache.org/jira/browse/HADOOP-13693 > Project: Hadoop Common > Issue Type: Improvement > Components: kms > Reporter: Xiao Chen > Assignee: Xiao Chen > Priority: Minor > Fix For: 3.0.0-alpha2 > > Attachments: HADOOP-13693.01.patch, HADOOP-13693.02.patch > > > For a successful kms operation, kms-audit.log shows an UNAUTHENTICATED > ErrorMsg:'Authentication required' message before the OK messages. This is > expected, and due to the spnego authentication sequence. (Notice method == > {{OPTIONS}}) > {noformat} > 2016-01-31 21:07:04,671 UNAUTHENTICATED RemoteHost:10.0.2.15 Method:OPTIONS > URL:https://quickstart.cloudera:16000/kms/v1/keyversion/ZJfn4lfNXxy068gqEmhxRCFljzoKEKDDR9ZJLO32vqq/_eek?eek_op=decrypt > ErrorMsg:'Authentication required' > 2016-01-31 21:07:04,911 OK[op=DECRYPT_EEK, key=cloudera, user=cloudera, > accessCount=1, interval=0ms] > 2016-01-31 21:07:15,104 OK[op=DECRYPT_EEK, key=cloudera, user=cloudera, > accessCount=1, interval=10193ms] > {noformat} > However, admins/auditors see this and can easily get confused/alerted. We > should make it obvious this is benign. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org