[SERVER-18165] After changeUserPassword on replica master, slave`s authorizen only by old password Created: 22/Apr/15 Updated: 11/May/15 Resolved: 09/May/15 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Replication, Security |
| Affects Version/s: | 3.0.2 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Anton | Assignee: | Sam Kleinman (Inactive) |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Operating System: | ALL | ||||||||
| Sprint: | Security 3 05/15/15 | ||||||||
| Participants: | |||||||||
| Description |
|
I change password on master node, but slaves use old password, the problem was resolved by restarting all secondary nodes |
| Comments |
| Comment by Sam Kleinman (Inactive) [ 07/May/15 ] |
|
Thanks for getting back to us, and thanks for the report. Based on some testing, it looks like issue that you've hit here was resolved by Regards, |
| Comment by Anton [ 29/Apr/15 ] |
|
Hi, no. |
| Comment by Sam Kleinman (Inactive) [ 28/Apr/15 ] |
|
Hello, Thanks for your report, and I hope we can get to the bottom of this promptly. We currently expect that after you change the password for a user, that all existing authenticated connections will continue to have authenticated connections for the lifetime of that connection. Even though old connections that authenticated using the old password may continue to exist, new connections must use the new password. Restarting the mongod will close all existing connections, which will force all new connections to use the new credentials. The other behavior that you should be aware of is that credential data propagates to secondaries using the the same replication system as all other data in MongoDB. If replication is delayed for any reason (e.g. network, storage, etc.) we expect the propagation of credentials to be delayed. Is either of these explanations consistent with the behavior you observed? Cheers, |