Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-12765

Audit username for x.509 cluster authentication operations

    XMLWordPrintableJSON

Details

    • Icon: Improvement Improvement
    • Resolution: Duplicate
    • Icon: Major - P3 Major - P3
    • None
    • 2.5.5
    • Logging, Security
    • Server Security

    Description

      Currently operations performed by cluster members using internal authentication are logged with the internal __system user, and the IP address of the remote server. It would be an improvement to log the identity of the remote server requesting the operation rather than just its IP address.

      For x.509 this is fairly straightforward since a unique name is provided in the client certificate presented by the remote server. We can use the name from the client certificate as a user name in the audit logs.

      Attachments

        Activity

          People

            backlog-server-security Backlog - Security Team
            andreas.nilsson Andreas Nilsson
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: