Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-52945

[auth] Make mongod use x509 auth on egress connections if NetworkInterface has SSLConnectionContext override even if other egress connections use keyFile auth

    XMLWordPrintableJSON

Details

    • Fully Compatible
    • Security 2020-11-30, Security 2020-12-14

    Description

      In serverless, the replica sets will use keyFile auth on outgoing connections to each other, but will use x509 auth to authenticate external clients.

      When a donor and recipient replica set talk to each other, they will authenticate to each other as external clients, so need to use x509 auth on their outgoing connections to each other even though they will continue to use keyFile auth on their outgoing connections to their own replica set members.

      Mongod does not currently support using a mix of keyFile and x509 auth on outgoing connections; this ticket is to add this support.

      Attachments

        Activity

          People

            mark.benvenuto@mongodb.com Mark Benvenuto
            esha.maharishi@mongodb.com Esha Maharishi (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: