lujie created ZOOKEEPER-4922:
--------------------------------

             Summary: Add Audit Logging Support for Login Events in ZooKeeper
                 Key: ZOOKEEPER-4922
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4922
             Project: ZooKeeper
          Issue Type: Improvement
            Reporter: lujie


ZooKeeper implemented audit logging in ZOOKEEPER-1260, but currently lacks 
audit records for authentication events.
h3. Problem Statement

After analyzing the {{org.apache.zookeeper.Login}} class, we identified the 
following gaps:
 # {*}No audit records for login events{*}: Authentication success/failure 
events are not logged
 # {*}Missing Kerberos authentication auditing{*}: Kerberos ticket operations 
are not recorded
 # {*}No tracking of TGT renewal events{*}: Ticket renewal operations have no 
audit trail

 
h3. Proposed Solution
 # {*}Add login event auditing{*}:
{{// In Login.login() method}}
{{ZKAuditProvider.log(principal, "login", Result.SUCCESS);}}
{{// For login failures}}
{{ZKAuditProvider.log(principal, "login", Result.FAILURE);}}
 # {*}Add ticket renewal auditing{*}:
{{// In reLogin() method}}
{{ZKAuditProvider.log(principal, "ticketRenewal", Result.SUCCESS);}}
 # {*}Add logout event auditing{*}:
{{// In logout() method}}
{{ZKAuditProvider.log(principal, "logout", Result.SUCCESS);}}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
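
Added example, not part of the original issue and not ZooKeeper code: a self-contained Java sketch of where the proposed audit calls could sit so that the failure path is always recorded and the original LoginException still reaches the caller. AuditSink, AuthAction, AuditedLoginExample and the principal are hypothetical names and constructed values; unlike the snippets in the issue, it also records failed renewals and logouts.

```java
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.login.LoginException;

public class AuditedLoginExample {
    enum Result { SUCCESS, FAILURE }
    // Hypothetical audit sink; stands in for the audit logger, not ZooKeeper's own API.
    interface AuditSink { void log(String principal, String operation, Result result); }
    // Hypothetical wrapper for the JAAS call being audited (login, re-login, logout).
    interface AuthAction { void run() throws LoginException; }

    private final String principal;
    private final AuditSink sink;
    AuditedLoginExample(String principal, AuditSink sink) {
        this.principal = principal;
        this.sink = sink;
    }

    // Runs the action and records exactly one audit event for it, whatever the outcome.
    void audited(String operation, AuthAction action) throws LoginException {
        Result result = Result.FAILURE; // stays FAILURE unless the action returns normally
        try {
            action.run();
            result = Result.SUCCESS;
        } finally {
            try {
                sink.log(principal, operation, result);
            } catch (RuntimeException e) {
                // A failing audit sink must not change the authentication outcome.
                System.err.println("audit sink failed: " + e);
            }
        }
    }

    public static void main(String[] args) {
        List<String> records = new ArrayList<>();
        AuditSink sink = (p, op, r) -> records.add("user=" + p + " operation=" + op + " result=" + r);
        // Constructed principal and outcomes, for illustration only.
        AuditedLoginExample login = new AuditedLoginExample("zkclient@EXAMPLE.COM", sink);
        try {
            login.audited("login", () -> { });
            login.audited("ticketRenewal", () -> { });
            login.audited("logout", () -> { });
            login.audited("login", () -> { throw new LoginException("constructed failure"); });
        } catch (LoginException e) {
            System.out.println("caller still sees: " + e.getMessage());
        }
        records.forEach(System.out::println);
    }
}
```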
