[SERVER-14906] Kerberos Login Mapping Functionality Created: 14/Aug/14  Updated: 06/Dec/22

Status: Open
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: features we're not sure of

Type: New Feature Priority: Minor - P4
Reporter: Osmar Olivo Assignee: Backlog - Security Team
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Assigned Teams:
Server Security
Participants:
Case:

 Description   

Allow for custom mappings to be defined between Kerberos accounts and mongodb users.

The idea here being that the mongodb account names do not precisely match up with the kerberos account username and the kerberos account has the possibility to log in to any account out of the subset it is mapped to.

The reason this feature would be useful is for limiting the permissions/privileges a user runs with that user being able to temporarily elevate privileges during emergencies. The key here is to have all of these actions be audited appropriately.


Generated at Thu Feb 08 03:36:20 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.