Loading...

XML

Word

Printable

JSON

Type: New Feature
Resolution: Done
Priority: Major - P3
Fix Version/s: 2.12.0, 3.0.0
Affects Version/s: None
Component/s: Authentication
Labels:
None

Server Compat:
- 2.5
Confidence Status:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Link:
None
Goal Name(s):
None

This ticket is to support authentication using the distinguished subject name of the X.509 Certificate presented during SSL negotiation as the username.

Essentially, this is yet another protocol in addition to MONGODB-CR and SASL that will need to be implemented.

The command document for this mechanism is:

{authenticate: 1, mechanism: 'MONGODB-X509', user: <username>}

...where <username> is the distinguished subject name of the X.509 client certificate in RFC 2253 format. It can be determined using openssl:

openssl x509 -in </path/to/client.pem> -inform PEM -subject -nameopt RFC2253

depends on

SERVER-10322 The mongo shell should require a username when using MONGODB-X509 for authentication.

Closed

SERVER-7961 Use x.509 certificates for authentication

Closed

1.	3.0: Support the MONGODB-X509 authentication mechanism	JAVA-975		Closed	Jeffrey Yemin	3.0.0
2.	2.12: Support the MONGODB-X509 authentication mechanism	JAVA-976		Closed	Jeffrey Yemin	2.12.0

Assignee:: Jeffrey Yemin
Reporter:: Jeffrey Yemin
Reviewers:: None
Votes:: 0 Vote for this issue
Watchers:: 1 Start watching this issue

Created:: Jul 11 2013 09:34:33 PM UTC
Updated:: May 27 2022 01:23:19 AM UTC
Resolved:: Oct 03 2013 05:57:04 PM UTC
Confidence Status Last Update:: 27/Sep/13 4:08 PM

Details

Description

Attachments

Issue Links

Forms

Sub-Tasks

Activity

People

Dates