[SERVER-22848] Provide a method to validate a password Created: 25/Feb/16 Updated: 27/Feb/16 Resolved: 27/Feb/16 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | 3.3.2 |
| Fix Version/s: | None |
| Type: | New Feature | Priority: | Minor - P4 |
| Reporter: | guillaume dufour | Assignee: | Unassigned |
| Resolution: | Won't Fix | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Participants: |
| Description |
|
Hello, the idea is to permit admin user to check if a password is valid on an other user without authenticate. db.auth permit to authenticate but i just want to check if my password are correct. The idea is to avoid password update if it's not necessary. My context, mongodb_user ansible plugin. I want to have a real status if the user must be updated or not. Regards, |
| Comments |
| Comment by Ramon Fernandez Marina [ 27/Feb/16 ] |
|
dufgui, I do not believe this feature exists in other systems, and it is unclear that this functionality is desirable security-wise. For example, all password checks should always be audited as login attempts for security purposes; having the ability to check that a password is correct without such auditing could weaken systems against dictionary attacks. Regards, |