Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 4.7.0
Affects Version/s: None
Component/s: None
Labels:
- neweng

Backwards Compatibility:
Fully Compatible
Sprint:
Security 2020-07-27, Security 2020-08-10, Security 2020-08-24, Security 2020-09-07
Linked BF Score:
43

We currently provide counters in server status for the number of attempted and successful authentications per mechanism.

We should provide an additional counter which indicates the number of authentication attempts for intra-cluster auth. For X.509 this means an RDN satisfying the isClusterMember() definition. For user/password mechanisms such as SCRAM, this means authentications using the admin.__system user.

The counts in "clusterAuthenticate" will represent a subset of the total number of authentications counted by "authenticate". We will NOT exclude them from the "authenticate" count.

Reference https://github.com/mongodb/mongo/commit/7250f407321e70bcb76bb1e21a7679670d29919d which added the existing counters for where to make these changes.

serverStatus:

security.authentication.mechanisms[$mechanism] = {
  // These two sections already exist and should not be changed.
  "authenticate": { received: ###, successful: ### },
  "speculativeAuthenticate: { received: ###, successful: ### },

  // This section would be new:
  "clusterAuthenticate": {
    received: NumberLong(...), // Number of authentication attempts made for __system or X.509 cluster member
    successful: NumberLong(...), // Number of the above attempts which succeeded.
  },
}

Assignee:: Adam Cooper (Inactive)

Reporter:: Sara Golemon

Participants:: Adam Cooper, Githook User, Sara Golemon

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: Jun 10 2020 04:03:36 PM UTC

Updated:: Oct 29 2023 10:07:14 PM UTC

Resolved:: Aug 24 2020 05:56:18 PM UTC

Details

Description

Attachments

Activity

People

Dates