[SERVER-18165] After changeUserPassword on replica master, slave`s authorizen only by old password Created: 22/Apr/15  Updated: 11/May/15  Resolved: 09/May/15

Status: Closed
Project: Core Server
Component/s: Replication, Security
Affects Version/s: 3.0.2
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Anton Assignee: Sam Kleinman (Inactive)
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
duplicates SERVER-18290 Adding a read role for a user doesn't... Closed
Operating System: ALL
Sprint: Security 3 05/15/15
Participants:

 Description   

I change password on master node, but slaves use old password, the problem was resolved by restarting all secondary nodes



 Comments   
Comment by Sam Kleinman (Inactive) [ 07/May/15 ]

Thanks for getting back to us, and thanks for the report. Based on some testing, it looks like issue that you've hit here was resolved by SERVER-18290. This issue will be included in the 3.0.3 release. You can download the 3.0.3-rc2 release now to test the fix or wait until the 3.0.3 is final shortly.

Regards,
sam

Comment by Anton [ 29/Apr/15 ]

Hi, no.
My replica set placed in same network and has low ping and load.
I change password for user on PRIMARY, but I can not connect to SECONDARY (create a new connection) with new password.

Comment by Sam Kleinman (Inactive) [ 28/Apr/15 ]

Hello,

Thanks for your report, and I hope we can get to the bottom of this promptly.

We currently expect that after you change the password for a user, that all existing authenticated connections will continue to have authenticated connections for the lifetime of that connection. Even though old connections that authenticated using the old password may continue to exist, new connections must use the new password. Restarting the mongod will close all existing connections, which will force all new connections to use the new credentials.

The other behavior that you should be aware of is that credential data propagates to secondaries using the the same replication system as all other data in MongoDB. If replication is delayed for any reason (e.g. network, storage, etc.) we expect the propagation of credentials to be delayed.

Is either of these explanations consistent with the behavior you observed?

Cheers,
sam

Generated at Thu Feb 08 03:46:46 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.