[DOCS-8909] It should not be required to specify user/subject when authenticating with x509 Created: 28/Sep/16 Updated: 13/Nov/23 Resolved: 03/Oct/18 |
|
| Status: | Closed |
| Project: | Documentation |
| Component/s: | Server |
| Affects Version/s: | None |
| Fix Version/s: | 3.4.0, 3.6, 4.0.0, Server_Docs_20231030, Server_Docs_20231106, Server_Docs_20231105, Server_Docs_20231113 |
| Type: | Task | Priority: | Minor - P4 |
| Reporter: | Emily Hall | Assignee: | Kay Kim (Inactive) |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Participants: | |||||||||
| Days since reply: | 5 years, 19 weeks ago | ||||||||
| Description |
|
At present with x509 enabled it is required that a user has to explicitly authenticate by specifying the subject:
That feels redundant and inconvenient as the user must have already supplied the certificate in order to connect to the server. I could understand the necessity of doing this if there was a way to supply a certificate for authentication different from the certificate used for connection, but it does not seem to be possible (please correct me if I am wrong). With x509 it would be nice to have a way to authenticate implicitly (given the user is already connected) or at least without specifying the subject. For example, we could authenticate the user automatically whenever mongo shell is started with "–authenticationMechanism MONGODB-X509" and with "--sslPEMKeyFile", e.g.:
|
| Comments |
| Comment by Githook User [ 03/Oct/18 ] |
|
Author: {'name': 'kay', 'email': 'kay.kim@10gen.com', 'username': 'kay-kim'}Message: |
| Comment by Githook User [ 03/Oct/18 ] |
|
Author: {'name': 'kay', 'email': 'kay.kim@10gen.com', 'username': 'kay-kim'}Message: |
| Comment by Githook User [ 03/Oct/18 ] |
|
Author: {'name': 'kay', 'email': 'kay.kim@10gen.com', 'username': 'kay-kim'}Message: |
| Comment by Githook User [ 03/Oct/18 ] |
|
Author: {'name': 'kay', 'email': 'kay.kim@10gen.com', 'username': 'kay-kim'}Message: |
| Comment by Githook User [ 03/Oct/18 ] |
|
Author: {'name': 'kay', 'email': 'kay.kim@10gen.com', 'username': 'kay-kim'}Message: |
| Comment by Githook User [ 03/Oct/18 ] |
|
Author: {'name': 'kay', 'email': 'kay.kim@10gen.com', 'username': 'kay-kim'}Message: |