[SERVER-22848] Provide a method to validate a password Created: 25/Feb/16  Updated: 27/Feb/16  Resolved: 27/Feb/16

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 3.3.2
Fix Version/s: None

Type: New Feature Priority: Minor - P4
Reporter: guillaume dufour Assignee: Unassigned
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:

 Description   

Hello,

the idea is to permit admin user to check if a password is valid on an other user without authenticate. db.auth permit to authenticate but i just want to check if my password are correct. The idea is to avoid password update if it's not necessary.

My context, mongodb_user ansible plugin. I want to have a real status if the user must be updated or not.

Regards,



 Comments   
Comment by Ramon Fernandez Marina [ 27/Feb/16 ]

dufgui, I do not believe this feature exists in other systems, and it is unclear that this functionality is desirable security-wise. For example, all password checks should always be audited as login attempts for security purposes; having the ability to check that a password is correct without such auditing could weaken systems against dictionary attacks.

Regards,
Ramón.

Generated at Thu Feb 08 04:01:36 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.