Uploaded image for project: 'Java Driver'
  1. Java Driver
  2. JAVA-871

Support the MONGODB-X509 authentication mechanism

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • None
    • 2.12.0, 3.0.0
    • Authentication
    • None

    Description

      This ticket is to support authentication using the distinguished subject name of the X.509 Certificate presented during SSL negotiation as the username.

      Essentially, this is yet another protocol in addition to MONGODB-CR and SASL that will need to be implemented.

      The command document for this mechanism is:

      {authenticate: 1, mechanism: 'MONGODB-X509', user: <username>}

      ...where <username> is the distinguished subject name of the X.509 client certificate in RFC 2253 format. It can be determined using openssl:

      openssl x509 -in </path/to/client.pem> -inform PEM -subject -nameopt RFC2253

      Attachments

        Issue Links

          depends on

          Bug - A problem which impairs or prevents the functions of the product. SERVER-10322 The mongo shell should require a username when using MONGODB-X509 for authentication.

          • Minor - P4 - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. SERVER-7961 Use x.509 certificates for authentication

          • Major - P3 - Major loss of function.
          • Closed

          Activity

            People

              jeff.yemin@mongodb.com Jeffrey Yemin
              jeff.yemin@mongodb.com Jeffrey Yemin
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: