DOCS-14395

Investigate changes in SERVER-56267: Prevent authentication as multiple users on API versioned connections

      Description

      Downstream Change Summary

      When { api: { strict } } is specified, three classes of multi authentication will be rejected:

      • Re-authenticating as the same user on the same database.
      • Authenticating as a new user on a previously authenticated database.
      • Authenticating as any user on a new database when previously authenticated on a different database.

      All three of these cases emit log entries at warning severity with or without { api: { strict } }. These entries have log IDs 5626700, 5626701, and 5626702.

      Description of Linked Ticket

      If a client connects to a database and attempts to authenticate as multiple users, by performing multiple authentication exchanges on multiple databases, we should:

      • Emit a log warning indicating that this behaviour is deprecated
      • Reject the second authentication attempt if they provided an API version and specified {apiStrict: true} for their connection. We should not enforce this limitation if testCommands are enabled, to prevent it from impacting our integration testing infrastructure.
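
The three log ids in the change summary give operators a way to find connections that still authenticate more than once before clients start requesting strict mode. The following is an added example, not part of the ticket or of MongoDB's code: it scans structured JSON log lines for those ids and groups the hits by connection context. The sample lines, their `msg`/`attr` values and the function names are constructed for illustration.

```python
import json
from collections import defaultdict

# Log ids the ticket gives for the three multi-authentication cases.
MULTI_AUTH_IDS = {5626700, 5626701, 5626702}

# Constructed sample in mongod's structured JSON log layout. The "msg" and
# "attr" values are placeholders, not the server's actual wording. The last
# line is deliberately truncated to exercise the malformed-line path.
SAMPLE_LOG = """\
{"t":{"$date":"2021-06-01T10:00:00.000+00:00"},"s":"I","c":"NETWORK","id":1,"ctx":"listener","msg":"constructed unrelated entry","attr":{}}
{"t":{"$date":"2021-06-01T10:00:01.000+00:00"},"s":"W","c":"ACCESS","id":5626700,"ctx":"conn7","msg":"constructed placeholder","attr":{}}
{"t":{"$date":"2021-06-01T10:00:02.000+00:00"},"s":"W","c":"ACCESS","id":5626702,"ctx":"conn7","msg":"constructed placeholder","attr":{}}
{"t":{"$date":"2021-06-01T10:00:03.000+00:00"},"s":"W","c":"ACCESS","id":5626701,"ctx":"conn9","msg":"constructed placeholder","attr":{}}
{"t":{"$date":"2021-06-01T10:00:04.000+00:00"},"s":"W","c":"ACCESS","id":5626
"""


def find_multi_auth(lines):
    """Group multi-authentication warnings by connection context (ctx)."""
    hits = defaultdict(list)
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line: skip rather than abort
        if not isinstance(entry, dict):
            continue
        log_id = entry.get("id")
        if not isinstance(log_id, int) or log_id not in MULTI_AUTH_IDS:
            continue
        t = entry.get("t")
        when = t.get("$date", "unknown") if isinstance(t, dict) else "unknown"
        hits[entry.get("ctx", "unknown")].append((when, log_id, entry.get("s")))
    return dict(hits)


def connections_to_fix(lines):
    """Connection contexts that logged at least one multi-auth warning."""
    return sorted(find_multi_auth(lines))


if __name__ == "__main__":
    for ctx, events in find_multi_auth(SAMPLE_LOG.splitlines()).items():
        for when, log_id, severity in events:
            print(f"{ctx}\t{when}\tid={log_id}\tseverity={severity}")
```
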

      Scope of changes

      Impact to Other Docs

      MVP (Work and Date)

      Resources (Scope or Design Docs, Invision, etc.)

            Assignee:
            joseph.dougherty@mongodb.com Joseph Dougherty
            Reporter:
            backlog-server-pm Backlog - Core Eng Program Management Team

              Created:
              Updated:
              Resolved:
              2 years, 46 weeks, 1 day ago