[SERVER-17671] Refuse to complete initial sync from nodes with 2.4-style auth data Created: 19/Mar/15 Updated: 09/Jun/17 Resolved: 25/Mar/15 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | 3.0.2, 3.1.1 |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Alexander Komyagin | Assignee: | Andy Schwerin |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||||||||||||||||||
| Backport Completed: | |||||||||||||||||||||||||
| Participants: | |||||||||||||||||||||||||
| Description |
|
Currently we have a few authentication startup checks in 3.0:
These checks prevent mongod from starting even when auth is off, but without this improvement you can sync a 3.0 node from 2.6 node with the 2.4 auth schema, and it will work just fine until you try to restart the node. We should validate during initial sync that the sync source has a new enough auth schema version. |
| Comments |
| Comment by Githook User [ 27/Mar/15 ] |
|
Author: {u'username': u'kkmongo', u'name': u'Kamran Khan', u'email': u'kamran.khan@mongodb.com'}Message: Closes #940 Signed-off-by: Ramon Fernandez <ramon.fernandez@mongodb.com> |
| Comment by Githook User [ 27/Mar/15 ] |
|
Author: {u'username': u'kkmongo', u'name': u'Kamran Khan', u'email': u'kamran.khan@mongodb.com'}Message: Closes #940 Signed-off-by: Ramon Fernandez <ramon.fernandez@mongodb.com> |
| Comment by Githook User [ 25/Mar/15 ] |
|
Author: {u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@mongodb.com'}Message: This will restrict MongoDB 3.0 to cloning from nodes with auth schemas it supports. |
| Comment by Githook User [ 25/Mar/15 ] |
|
Author: {u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@mongodb.com'}Message: |
| Comment by Githook User [ 25/Mar/15 ] |
|
Author: {u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@mongodb.com'}Message: This will restrict MongoDB 3.0 to cloning from nodes with auth schemas it supports. |
| Comment by Githook User [ 25/Mar/15 ] |
|
Author: {u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@mongodb.com'}Message: |