-
Type: Task
-
Resolution: Fixed
-
Priority: Major - P3
-
Affects Version/s: None
-
Labels:None
Description
Downstream Change Summary
When { api:
Unknown macro: { strict}
} is specified, three classes of multi authentication will be rejected:
- Re-authenticating as the same user on the same database.
- Authenticating as new user on a previously authenticated database.
- Authenticating as any user on a new database when previous authenticated on a different database.
All three of these cases emit log entries at warning severity with our without { api:
Unknown macro: { strict}
}. These entries have log ids 5626700, 5626701, and 5626702.
Description of Linked Ticket
If a client connects to a database and attempts to authenticate as multiple users, by performing multiple authentication exchanges on multiple databases, we should:
- Emit a log warning indicating that this behaviour is deprecated
- Reject the second authentication attempt if they provided an API version and specified {apiStrict: true} for their connection. We should not enforce this limitation if testCommands are enabled, to prevent it from impacting our integration testing infrastructure.
Scope of changes
Impact to Other Docs
MVP (Work and Date)
Resources (Scope or Design Docs, Invision, etc.)
- documents
-
SERVER-56267 Prevent authentication as multiple users on API versioned connections
- Closed