[SERVER-14906] Kerberos Login Mapping Functionality Created: 14/Aug/14 Updated: 06/Dec/22 |
|
| Status: | Open |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | features we're not sure of |
| Type: | New Feature | Priority: | Minor - P4 |
| Reporter: | Osmar Olivo | Assignee: | Backlog - Security Team |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Assigned Teams: |
Server Security
|
||||
| Participants: | |||||
| Case: | (copied to CRM) | ||||
| Description |
|
Allow for custom mappings to be defined between Kerberos accounts and mongodb users. The idea here being that the mongodb account names do not precisely match up with the kerberos account username and the kerberos account has the possibility to log in to any account out of the subset it is mapped to. The reason this feature would be useful is for limiting the permissions/privileges a user runs with that user being able to temporarily elevate privileges during emergencies. The key here is to have all of these actions be audited appropriately. |