Description
In the 2.5.1 shell a username is not required to do X509 auth:
$ ./mongo --ssl --sslPEMKeyFile jstests/libs/client.pem
|
MongoDB shell version: 2.5.1
|
connecting to: test
|
> use $external
|
switched to db $external
|
> db.auth({mechanism: 'MONGODB-X509'})
|
1
|
A username should be required for a number of reasons:
- It's a sanity check that the user is using the correct x.509 cert.
- Not requiring the username is inconsistent with all other authentication methods, including GSSAPI which also doesn't technically require a username.
- Not requiring the username will be inconsistent with drivers that have no good way to decode the cert and derive the username.
Attachments
Issue Links
- is depended on by
-
JAVA-871 Support the MONGODB-X509 authentication mechanism
-
- Closed
-
- related to
-
SERVER-25082 It should not be required to specify user/subject when authenticating with x509
-
- Closed
-