Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-48693

Add network counter for cluster authentication

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.7.0
    • Component/s: None
    • Labels:
    • Backwards Compatibility:
      Fully Compatible
    • Sprint:
      Security 2020-07-27, Security 2020-08-10, Security 2020-08-24, Security 2020-09-07
    • Linked BF Score:
      43

      Description

      We currently provide counters in server status for the number of attempted and successful authentications per mechanism.

      We should provide an additional counter which indicates the number of authentication attempts for intra-cluster auth.  For X.509 this means an RDN satisfying the isClusterMember() definition.  For user/password mechanisms such as SCRAM, this means authentications using the admin.__system user.

      The counts in "clusterAuthenticate" will represent a subset of the total number of authentications counted by "authenticate".  We will NOT exclude them from the "authenticate" count.

      Reference https://github.com/mongodb/mongo/commit/7250f407321e70bcb76bb1e21a7679670d29919d which added the existing counters for where to make these changes.

       

      serverStatus:
       
      security.authentication.mechanisms[$mechanism] = {
        // These two sections already exist and should not be changed.
        "authenticate": { received: ###, successful: ### },
        "speculativeAuthenticate: { received: ###, successful: ### },
       
        // This section would be new:
        "clusterAuthenticate": {
          received: NumberLong(...), // Number of authentication attempts made for __system or X.509 cluster member
          successful: NumberLong(...), // Number of the above attempts which succeeded.
        },
      }

        Attachments

          Activity

            People

            Assignee:
            adam.cooper Adam Cooper (Inactive)
            Reporter:
            sara.golemon Sara Golemon
            Participants:
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: