[SERVER-11065] Replica set with keyFile authentication continues to add node if authentication fails Created: 07/Oct/13  Updated: 10/Dec/14  Resolved: 18/Oct/13

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Kyle Erf Assignee: Andreas Nilsson
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to SERVER-11066 Authentication failure not honored in... Closed
Operating System: ALL
Participants:

 Description   

A node added to a repl set with keyfile authentication will still be present in a the replica set if authentication fails



 Comments   
Comment by Andreas Nilsson [ 18/Oct/13 ]

Duplicates SERVER-11066, the root cause is the same.

Comment by Andreas Nilsson [ 08/Oct/13 ]

We looked at it together as part of the x.509 cluster auth testing. The issue was that it seemed like even when keyfile authentication failed the client node would still go ahead and perform operations. In our case successfully since all hosts were running on the same machine, hence the localhost exception kicked in. Will do some a proper investigation, I wanted the ticket for tracking.

Comment by Eric Milkie [ 08/Oct/13 ]

I don't understand what you mean by "present" – do you mean listed as an active member of the cluster, or just listed in the replica set config?
To a config, you can also add nodes that are not currently reachable. I think reachability and the ability to authenticate are transient conditions that might be corrected by the admin after the set is configured, so I'm not sure it's a bug that you can add members that might not become active set members immediately.

Generated at Thu Feb 08 03:24:47 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.