[SERVER-12765] Audit username for x.509 cluster authentication operations

Created: 18/Feb/14 Updated: 06/Dec/22 Resolved: 02/Feb/21

| Status: | Closed |
| Project: | Core Server |
| Component/s: | Logging, Security |
| Affects Version/s: | 2.5.5 |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Andreas Nilsson | Assignee: | Backlog - Security Team |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | Auditing |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: | |
| Assigned Teams: | Server Security |
| Participants: | |

Description

Currently operations performed by cluster members using internal authentication are logged with the internal __system user, and the IP address of the remote server. It would be an improvement to log the identity of the remote server requesting the operation rather than just its IP address. For x.509 this is fairly straightforward since a unique name is provided in the client certificate presented by the remote server. We can use the name from the client certificate as a user name in the audit logs.