Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-14655

x.509 certificate authentication requires O,OU to differ between client and server

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Open
    • Priority: Major - P3
    • Resolution: Unresolved
    • Affects Version/s: 2.6.3
    • Fix Version/s: Backlog
    • Component/s: Security
    • Sprint:
      Security 2020-08-10
    • Case:

      Description

      For x.509 certificate authentication, MongoDB server will consider a certificate with identical subject name properties, a member of the cluster and not a client. For some organizations it may not be possible to obtain certificates meeting this requirement.

        Attachments

          Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. SERVER-54136 Make the authenticate command respect enforceUserClusterSeparation

          • Major - P3 - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. SERVER-45938 Allow matching O/OU/DC in client x509 cert if clusterMode:keyFile

          • Major - P3 - Major loss of function.
          • Closed

            Activity

              People

              Assignee:
              backlog-server-security Backlog - Security Team
              Reporter:
              mark.helmstetter Mark Helmstetter
              Participants:
              Votes:
              6 Vote for this issue
              Watchers:
              24 Start watching this issue

                Dates

                Created:
                Updated: