[SERVER-10322] The mongo shell should require a username when using MONGODB-X509 for authentication. Created: 24/Jul/13  Updated: 26/Sep/16  Resolved: 30/Jul/13

Status: Closed
Project: Core Server
Component/s: Security, Shell
Affects Version/s: 2.5.1
Fix Version/s: 2.5.2

Type: Bug Priority: Minor - P4
Reporter: Bernie Hackett Assignee: Andreas Nilsson
Resolution: Done Votes: 0
Labels: 26qa
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by JAVA-871 Support the MONGODB-X509 authenticati... Closed
Related
related to SERVER-25082 It should not be required to specify ... Closed
Operating System: ALL
Participants:

 Description   

In the 2.5.1 shell a username is not required to do X509 auth:

$ ./mongo --ssl --sslPEMKeyFile jstests/libs/client.pem 
MongoDB shell version: 2.5.1
connecting to: test
> use $external
switched to db $external
> db.auth({mechanism: 'MONGODB-X509'})
1

A username should be required for a number of reasons:

  1. It's a sanity check that the user is using the correct x.509 cert.
  2. Not requiring the username is inconsistent with all other authentication methods, including GSSAPI which also doesn't technically require a username.
  3. Not requiring the username will be inconsistent with drivers that have no good way to decode the cert and derive the username.


 Comments   
Comment by auto [ 30/Jul/13 ]

Author:

{u'username': u'agralius', u'name': u'Andreas Nilsson', u'email': u'andreas.nilsson@10gen.com'}

Message: SERVER-10322 Require username when using MONGODB-X509 in shell
Branch: master
https://github.com/mongodb/mongo/commit/24332496186afa78b3bb0cad4020206f962c0b72

Generated at Thu Feb 08 03:22:52 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.