[SERVER-12765] Audit username for x.509 cluster authentication operations
Created: 18/Feb/14
Updated: 06/Dec/22
Resolved: 02/Feb/21

Status: Closed
Project: Core Server
Component/s: Logging, Security
Affects Version/s: 2.5.5
Fix Version/s: None

Type: Improvement
Priority: Major - P3
Reporter: Andreas Nilsson
Assignee: Backlog - Security Team
Resolution: Duplicate
Votes: 0
Labels: Auditing
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
duplicates SERVER-52862 Move logAuthentication hooks to Authe... Closed
Related
related to SERVER-53604 Include original aws iam arn in authe... Closed
Assigned Teams:
Server Security
Participants:

Description

Currently, operations performed by cluster members using internal authentication are logged with the internal __system user and the IP address of the remote server. It would be an improvement to log the identity of the remote server requesting the operation rather than just its IP address.

For x.509, this is fairly straightforward since a unique name is provided in the client certificate presented by the remote server. We can use the name from the client certificate as a user name in the audit logs.

