Refuse to authenticate / return an authentication-time error for Kerberos users with no roles in the cluster.

XMLWordPrintableJSON

    • Type: Improvement
    • Resolution: Done
    • Priority: Major - P3
    • None
    • Affects Version/s: None
    • Component/s: Security
    • None
    • None
    • 3
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Currently, if a user is defined externally (say as a Kerberos principal), and the mongo cluster has no knowledge of the user, it is possible to log in as that user, but all actions will be auth denied. It might be preferable for the authentication to fail with Unauthorized or AuthenticationFailed, instead.

              Assignee:
              DO NOT USE - Backlog - Platform Team
              Reporter:
              Andy Schwerin
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: