[JAVA-871] Support the MONGODB-X509 authentication mechanism Created: 11/Jul/13 Updated: 27/May/22 Resolved: 03/Oct/13 |
|
| Status: | Closed |
| Project: | Java Driver |
| Component/s: | Authentication |
| Affects Version/s: | None |
| Fix Version/s: | 2.12.0, 3.0.0 |
| Type: | New Feature | Priority: | Major - P3 |
| Reporter: | Jeffrey Yemin | Assignee: | Jeffrey Yemin |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Σ Remaining Estimate: | Not Specified | Remaining Estimate: | Not Specified |
| Σ Time Spent: | Not Specified | Time Spent: | Not Specified |
| Σ Original Estimate: | Not Specified | Original Estimate: | Not Specified |
| Issue Links: |
|
|||||||||||||||
| Sub-Tasks: |
|
|||||||||||||||
| Server Compat: | 2.5 | |||||||||||||||
| Description |
|
This ticket is to support authentication using the distinguished subject name of the X.509 Certificate presented during SSL negotiation as the username. Essentially, this is yet another protocol in addition to MONGODB-CR and SASL that will need to be implemented. The command document for this mechanism is:
...where <username> is the distinguished subject name of the X.509 client certificate in RFC 2253 format. It can be determined using openssl: openssl x509 -in </path/to/client.pem> -inform PEM -subject -nameopt RFC2253 |
| Comments |
| Comment by auto [ 30/Sep/13 ] |
|
Author: {u'username': u'jyemin', u'name': u'Jeff Yemin', u'email': u'jeff.yemin@10gen.com'}Message: |
| Comment by auto [ 12/Aug/13 ] |
|
Author: {u'username': u'jyemin', u'name': u'Jeff Yemin', u'email': u'jeff.yemin@10gen.com'}Message: |