[SERVER-11855] Unclear error message when saslauthd is down Created: 25/Nov/13  Updated: 17/Jan/23  Resolved: 13/Jan/23

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Adinoyi Omuya Assignee: Backlog - Security Team
Resolution: Won't Do Votes: 0
Labels: platforms-re-triaged
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to SERVER-15791 SASL: user name is not logged if auth... Closed
Assigned Teams:
Server Security
Participants:

 Description   

When trying to authenticate on the shell to an LDAP service (via saslauthd), if saslauthd is down, the following error message is registered in the mongod logs:
PLAIN authentication failed for username on $external ; ProtocolError SASL(-1): generic failure: Password verification failed.

In the mongo shell, we see Error: 18 Authentication failed. It is unclear from this message that saslauthd's unavailability is the cause of this problem. The same happens if the LDAP server is down (at least for users whose credentials aren't cached by saslauthd).



 Comments   
Comment by Adinoyi Omuya [ 17/Jan/23 ]

Thx for the context - it's not causing me any pain.

Comment by Judah Schvimer [ 17/Jan/23 ]

We haven't heard demand for this in a long time. adinoyi.omuya@mongodb.com, is this causing you significant pain?

Comment by Adinoyi Omuya [ 13/Jan/23 ]

elizabeth.roytburd@mongodb.com why won't this be fixed?

Comment by Andreas Nilsson [ 25/Mar/14 ]

This is also true if an incorrect saslauthd parameter is provided.

Generated at Thu Feb 08 03:26:55 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.