Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-11574

Server using SSPI doesn't reject credentials using the default "mongodb" service name when told to use a different service name

    XMLWordPrintableJSON

Details

    • Icon: Bug Bug
    • Resolution: Cannot Reproduce
    • Icon: Minor - P4 Minor - P4
    • None
    • 2.5.3
    • Security
    • Fully Compatible
    • Windows
    • Security 2020-04-20

    Description

      When I start the server normally, then the server uses the "mongodb" service name. It accepts valid credentials where the client uses the "mongodb" service name and rejects valid credentials where the client uses the "mongoother" service name. This is what I would have expected to happen.

      However, when I start the server with setParameter=saslServiceName=mongoother, I get different results. It accepts valid credentials where the client uses the "mongodb" service name and also accepts valid credentials where the client uses the "mongoother" service name.

      I believe the server should either accept all service names that are registered with the owner's account, or only accept the one that is specified at startup (or the default when none is specified).

      Attachments

        Activity

          People

            mark.benvenuto@mongodb.com Mark Benvenuto
            craig.wilson@mongodb.com Craig Wilson
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: