[SERVER-15349] Authenticate users by hostname Created: 22/Sep/14  Updated: 24/May/21  Resolved: 08/Oct/14

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: None

Type: New Feature Priority: Minor - P4
Reporter: Jason Zucchetto Assignee: Andreas Nilsson
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
duplicates SERVER-15461 Mechanism to allow restricting auth b... Closed
Participants:

 Description   

Similar to http://dev.mysql.com/doc/refman/5.1/en/account-names.html



 Comments   
Comment by Ween Jiann Lee [ 24/May/21 ]

I understand this is a very old issue, but I don't think that the intent of the reporter/author is addressed here. If that is not the case, I will open another issue.

Currently, SERVER-15461 only restricts users via IP addresses or CIDR blocks. It does not include hostnames or hostnames with wildcards.

 

This is particularly important when working with a Kubernetes cluster, where it is not meaningful to use IPs.

Instead, a reverse lookup via DNS PTR, like what is used in MySQL or MariaDB, would be more suitable. A reverse lookup of a pod IP will yield something along the lines of `<xxx-xxx-xxx-xxx>.<svc-name>.<namespace>.svc.cluster.local`, allowing a hostname with a wildcard to restrict a user to varying granularity (namespace or deployment level).

 

This would allow the MongoDB Kubernetes operator to use authenticationRestrictions effectively.
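
An added example, not part of the original thread and not MongoDB code: the hostname check proposed in the comment above, as a reverse lookup that is forward-confirmed before a label-wise wildcard match, since a PTR record alone is asserted by whoever controls the reverse zone. The DNS tables, IPs, hostnames, function names and the `*` pattern syntax are constructed assumptions.

```python
import ipaddress

# Constructed DNS data standing in for the cluster resolver (assumption).
PTR = {
    "10.42.0.17": "10-42-0-17.orders.prod.svc.cluster.local",
    "10.42.0.99": "10-42-0-99.orders.prod.svc.cluster.local",  # no matching A record
    "10.42.1.5": "10-42-1-5.batch.dev.svc.cluster.local",
}
A = {
    "10-42-0-17.orders.prod.svc.cluster.local": ["10.42.0.17"],
    "10-42-0-99.orders.prod.svc.cluster.local": ["10.42.0.50"],
    "10-42-1-5.batch.dev.svc.cluster.local": ["10.42.1.5"],
}


def host_matches(pattern, hostname):
    """Label-wise, case-insensitive match; '*' stands for exactly one DNS label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return all(pl == "*" or pl == hl for pl, hl in zip(p, h))


def verified_hostname(client_ip, ptr=PTR, a=A):
    """Return the PTR name only if it resolves forward to the same IP."""
    ip = str(ipaddress.ip_address(client_ip))  # rejects malformed input
    name = ptr.get(ip)
    if name is None:
        return None  # no reverse record: hostname rules cannot apply
    if ip not in a.get(name, []):
        return None  # PTR claims a name that does not map back to this IP
    return name


def client_allowed(client_ip, patterns, ptr=PTR, a=A):
    """True if the forward-confirmed hostname matches any allowed pattern."""
    name = verified_hostname(client_ip, ptr, a)
    return name is not None and any(host_matches(p, name) for p in patterns)


if __name__ == "__main__":
    deployment = ["*.orders.prod.svc.cluster.local"]  # deployment-level rule
    namespace = ["*.*.dev.svc.cluster.local"]         # namespace-level rule
    for ip in PTR:
        print(ip, client_allowed(ip, deployment), client_allowed(ip, namespace))
```
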

 

Comment by Andreas Nilsson [ 08/Oct/14 ]

I will close this as a dupe and we'll track the discussion in SERVER-15451.

Generated at Thu Feb 08 03:37:46 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.