db.copyDatabase has parameters: fromhost, username and password. However, the user is only authenticated against the fromdb.
We use many databases but store our user authentication in the admin database. There should be an optional 'authdb' parameter which allows the user to be authenticated against that instead.
It seems inconsistent, since we can connect to a mongo server using any database as the authdb, and then access other databases.