Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-17908

Allow getCmdLineOpts to be executed locally against an arbiter in an authenticated replica set

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 3.0.1
    • Fix Version/s: 3.0.3, 3.1.2
    • Component/s: Security
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Backport Completed:
    • Sprint:
      Security 2 04/24/15

      Description

      Issue Status as of Apr 29, 2015

      ISSUE SUMMARY
      Because arbiters do not replicate data, they do not have a copy of a replica set's credentials, and therefore refuse all authentication attempts when auth is required. As a result certain operations required for basic maintenance and for integration with MMS, that were previousily available via the localhost exception, are no longer possible.

      This change makes following operations available to clients that have access to an arbiter via the localhost exception:

      • getCmdLineOpts
      • serverStatus
      • getParameter
      • shutdown

      WORKAROUNDS
      None.

      AFFECTED VERSIONS

      3.0.0, 3.0.1, and 3.0.2

      FIX VERSION
      The fix is included in the 3.0.3 production release.

      Original description

      In 2.6.x it was possible to execute getCmdLineOpts against an arbiter in an authenticated replica set. In 3.0.1 it is not.

      Please restore the ability to execute getCmdLineOpts against an arbiter in an authenticated replica set, at least from localhost.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: