-
Type:
Bug
-
Resolution: Done
-
Priority:
Critical - P2
-
None
-
Affects Version/s: 3.0.2
-
Component/s: Security
-
None
-
ALL
-
-
None
-
0
-
None
-
None
-
None
-
None
-
None
-
None
If you attempt to authenticate on a mongos node with auditing enabled, the authentication attempt will fail. The logs will indicate an error in authentication:
2015-05-07T05:27:20.715+0000 I ACCESS [conn2] SCRAM-SHA-1 authentication failed for user on admin from client 127.0.0.1 ; BadValue "impersonatedUsers" is not a valid argument to usersInfo
There does not appear to be any further information in higher verbosity logs.
The audit log just indicates a 18 on the authentication attempt
Additionally, other security or authentication operations are not available is auditing if enabled. Trying to create a user gives a similar error in the shell:
mongos> db.createUser( { user : "user", pwd : "pword", roles : [ { role : "readWrite", db : "test" } ] } )
2015-05-07T05:48:00.359+0000 E QUERY Error: couldn't add user: "impersonatedUsers" is not a valid argument to rolesInfo
at Error (<anonymous>)
at DB.createUser (src/mongo/shell/db.js:1066:11)
at (shell):1:4 at src/mongo/shell/db.js:1066
Note : it is not necessary to enable --keyFile for this to fail, the authentication attempts will give the above error even when no authentication options are given in the config file/command line options