[SERVER-15349] Authenticate users by hostname Created: 22/Sep/14 Updated: 24/May/21 Resolved: 08/Oct/14 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | New Feature | Priority: | Minor - P4 |
| Reporter: | Jason Zucchetto | Assignee: | Andreas Nilsson |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Participants: | |||||||||
| Description |
|
Similar to http://dev.mysql.com/doc/refman/5.1/en/account-names.html |
| Comments |
| Comment by Ween Jiann Lee [ 24/May/21 ] |
|
I understand this is a very old issue, but I don't think that the intent of the reporter/author is addressed here. If that is not the case, I will open another issue. Currently,
This is particularly important when working with a Kubernetes cluster, where it is not meaningful to use IPs. Instead, a reverse lookup via DNS PTR like what is used in MySQL or MariaDB would be more suitable. A reverse lookup of a POD IP will yield something along the lines of `<xxx-xxx-xxx-xxx>.<svc-name>.<namespace>.svc.cluster.local`, allowing a hostname with a wildcard to restrict a user to varying granularity (namespace or deployment level).
This would allow MongoDB Kubernetes operator to use authenticationRestrictions effectively.
|
| Comment by Andreas Nilsson [ 08/Oct/14 ] |
|
I will close this as a dupe and we'll track the discussion in |