[SERVER-58591] Better instrumentation for TLS authentication problem during concurrent tenant migration - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: 5.0.0
Fix Version/s: 5.1.0-rc0
Component/s: None
Labels:
None

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Steps To Reproduce:

Hide

Failure from BF-21501

Show
Failure from BF-21501
Sprint:
Core Eng TPM 2021-07-30
Case:

Description

There is a race somewhere in TLS authentication during many concurrent tenant migrations. The recipient d20522 does not match the name coming with cert from the donor:

d20522| 2021-06-10T03:12:12.909+00:00 I  ACCESS   5286202 [conn16] "Different user name was supplied to saslSupportedMechs","attr":{"error":{"code":17,"codeName":"ProtocolError","errmsg":"Attempt to switch user during SASL authentication."}}

Need better logging in the chain, then will wait for it to happen again.

Attachments

Issue Links

is related to

SERVER-69464 "Attempt to switch user during SASL authentication" error when cluster is configured for x509 membership auth

Closed

Activity

People

Assignee:: Andrew Shuvalov (Inactive)

Reporter:: Andrew Shuvalov (Inactive)

Participants:: Andrew Shuvalov, Githook User, Vivian Ge

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: Jul 15 2021 04:15:55 PM UTC

Updated:: Feb 13 2023 02:08:42 PM UTC

Resolved:: Jul 19 2021 01:09:43 PM UTC