|
We looked at it together as part of the x.509 cluster auth testing. The issue was that it seemed like even when keyfile authentication failed the client node would still go ahead and perform operations. In our case successfully since all hosts were running on the same machine, hence the localhost exception kicked in. Will do some a proper investigation, I wanted the ticket for tracking.
|
|
I don't understand what you mean by "present" – do you mean listed as an active member of the cluster, or just listed in the replica set config?
To a config, you can also add nodes that are not currently reachable. I think reachability and the ability to authenticate are transient conditions that might be corrected by the admin after the set is configured, so I'm not sure it's a bug that you can add members that might not become active set members immediately.
|