[SERVER-15459] Check new X509 user names against _clusterIdMatch Created: 30/Sep/14  Updated: 03/Feb/20  Resolved: 01/Oct/15

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: 3.1.9

Type: Improvement Priority: Major - P3
Reporter: Alexander Komyagin Assignee: Spencer Jackson
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Problem/Incident
causes SERVER-45938 Allow matching O/OU/DC in client x509... Closed
Related
is related to DOCS-5504 X509: User certificates and server ce... Closed
Backwards Compatibility: Minor Change
Sprint: Security A 10/09/15
Participants:

 Description   

Right now new user names are checked against the current server SN, but it isn't as useful as checking that the new user is not going to be recognized as the system user: https://github.com/mongodb/mongo/blob/r2.6.4/src/mongo/db/commands/authentication_commands.cpp#L343



 Comments   
Comment by Githook User [ 01/Oct/15 ]

Author:

{u'username': u'spencerjackson', u'name': u'Spencer Jackson', u'email': u'spencer.jackson@mongodb.com'}

Message: SERVER-15459: Check new x509 names against _clusterIdMatch
Branch: master
https://github.com/mongodb/mongo/commit/5ed5b15d680b1aaa11bdcce05b16ab7d165d2c86

Generated at Thu Feb 08 03:38:05 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.