Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-5479

Arbiter in authenticated replica set should allow and require login/auth for admin-only operations

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Backlog
    • Major - P3
    • Resolution: Unresolved
    • 2.0.3, 2.1.0
    • None
    • Admin, Replication, Security
    • Tested on Ubuntu 11.10 64-bit with 2.0.3 and today's 2.1.1-pre- but probably the same on all platforms.
    • Security
    • Minor Change

    Description

      Create a replica set with one primary, one secondary and one arbiter, each started with --auth and --keyFile. Create a user in the admin database on the primary and log in with db.auth(). Admin-only commands like logRotate work on the primary. Set db to the local database on the secondary but do not log in with db.auth(). Admin-only commands fail as they should. Now set db to the local database on the arbiter. Admin-only commands work without log-in.

      This is convenient, since you CAN'T log in to the arbiter ... it has no admin database to hold the system.users collection.

      This is both inconsistent and a security problem. Once connected to the arbiter, the commands "use admin" and "db.shutdownServer()" will shut down the arbiter, for example.

      We should add a mechanism to make the admin.system.users collection from the primary available to the arbiter and enforced by the arbiter so that if authentication is running on the replica set then the arbiter follows the same rules as the primary and secondaries.

      Attachments

        Issue Links

          is depended on by

          New Feature - A new feature of the product, which has yet to be developed. DRIVERS-90 drivers must authenticate before calling isMaster()

          • Major - P3 - Major loss of function.
          • Closed

          Task - A task that needs to be done. PYTHON-523 Authenticate before calling ismaster

          • Major - P3 - Major loss of function.
          • Closed

          Task - A task that needs to be done. RUBY-616 Authenticate Before calling isMaster()

          • Major - P3 - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. SERVER-12143 Make some unauthenticated commands require auth

          • Major - P3 - Major loss of function.
          • Closed
          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. SERVER-23443 Executing logRotate on Aribiters

          • Major - P3 - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. SERVER-11075 Allow access to arbiters when auth is enabled

          • Major - P3 - Major loss of function.
          • Closed
          is related to

          Task - A task that needs to be done. DOCS-5728 Logrotate commands require caveats applying to auth on arbiter

          • Major - P3 - Major loss of function.
          • Backlog
          related to

          Improvement - An improvement or enhancement to an existing feature or task. SERVER-15588 An arbiter should return an empty list of supported SASL mechanisms

          • Major - P3 - Major loss of function.
          • Backlog

          Improvement - An improvement or enhancement to an existing feature or task. SERVER-12143 Make some unauthenticated commands require auth

          • Major - P3 - Major loss of function.
          • Closed

          Question - SERVER-57277 Arbiter nodes, (set to authenticate session against them), continue to expect authentication even after a resync.

          • Major - P3 - Major loss of function.
          • Closed

          Activity

            People

              Votes:
              42 Vote for this issue
              Watchers:
              66 Start watching this issue

              Dates

                Created:
                Updated: