[SERVER-11066] Authentication failure not honored in replset health poll Created: 07/Oct/13  Updated: 04/Dec/14  Resolved: 01/Dec/14

Status: Closed
Project: Core Server
Component/s: Replication, Security
Affects Version/s: None
Fix Version/s: 2.8.0-rc2

Type: Bug Priority: Major - P3
Reporter: Kyle Erf Assignee: Spencer Brody (Inactive)
Resolution: Done Votes: 0
Labels: elections
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to SERVER-11065 Replica set with keyFile authenticati... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Participants:

 Description   

Adding a new node to a x509 authenticated replica set cluster that does not have valid authentication credentials will still add that node to the replica set configuration, even though that new node cannot communicate with the rest of the set.

The reason behind this behavior is that the return value of the auth call is not checked in the replset health poll. The polling thread will continue to try to poll regardless of the failed auth. If the servers are on the same host and localhost exception is enabled the poll will succeed.

The fix should consist in checking the return value of the auth call and consider the poll failed if auth fails.

Related to: SERVER-11065



 Comments   
Comment by Spencer Brody (Inactive) [ 01/Dec/14 ]

I cannot reproduce in 2.8-rc1, seems to have gone away with the replication refactor for 2.8

Generated at Thu Feb 08 03:24:47 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.