Uploaded image for project: 'MongoDB Database Tools'
  1. MongoDB Database Tools
  2. TOOLS-2913

Make tools prompt the user for a TLS client cert passwords

    XMLWordPrintable

Details

    • New Feature
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • None
    • 100.6.0
    • None
    • None

    Description

      Problem Statement/Rationale

      Old tools used to ask for a password interactively. This is no longer the case with new tools.

      Steps to Reproduce

      Point mongodump to a client certificate that has an encrypted private key (PKCS#5 or PKCS#8)

      Expected Results

      The utility unwraps the private key and leaves no trace of the password neither in the process table or in a configuration file on the disk

      Actual Results

      The utility fails with the can't load client certificate: no password provided to decrypt private key error

      Additional Notes

      The customer can't use a configuration file or the --sslPEMKeyPassword command-line parameter due to compliance reasons

      Attachments

        Issue Links

          related to

          Task - A task that needs to be done. TOOLS-636 mongodump should prompt for username when --authenticationMechanism=GSSAPI and --username is not provided

          • Major - P3 - Major loss of function.
          • Closed
          links to

          GitHub Pull Request (mongodb/mongo-tools master)

          Activity

            People

              dave.rolsky@mongodb.com Dave Rolsky
              andrey.brindeyev@mongodb.com Andrey Brindeyev
              Tim Fogarty
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: