Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-54136

Make the authenticate command respect enforceUserClusterSeparation

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.9.0, 4.4.5, 4.0.24, 4.2.14
    • Component/s: None
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL
    • Backport Requested:
      v4.4, v4.2, v4.0
    • Sprint:
      Security 2021-02-22
    • Case:

      Description

      The enforceUserClusterSeparation setParameter introduced by SERVER-45938 can be used to disable certain sanity checks in the createUser command, for clusters where they are not relevant.

      We should disable the equivalent checks in the authenticate command when this parameter is active, allowing "cluster member" certificates to authenticate as users stored in the $external database.

      We should also validate why tests introduced by SERVER-45938 didn't identify that this override wasn't present.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              ben.caimano Benjamin Caimano (Inactive)
              Reporter:
              spencer.jackson Spencer Jackson
              Participants:
              Votes:
              1 Vote for this issue
              Watchers:
              8 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: