Details
-
Task
-
Resolution: Done
-
Major - P3
-
None
-
None
Description
We should explicitly warn users that when they create app certificates, they should use a different DC-OU-O combination than they used for server certificates.
Since we are using the DC-OU-O part of the cert subject name to detect internal connections in the replica set, any user that has the same DC-OU-O combination in his certificate will be treated as the internal user (i.e. __system) and he will get wrong privileges.
Attachments
Issue Links
- related to
-
SERVER-15459 Check new X509 user names against _clusterIdMatch
-
- Closed
-