[SERVER-23431] Unable to update an existing user password Created: 30/Mar/16  Updated: 13/Apr/16  Resolved: 13/Apr/16

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: None

Type: Question Priority: Major - P3
Reporter: Tarpan Pathak Assignee: Kelsey Schubert
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: Text File mongo-passwd-update.txt    
Participants:

 Description   

Hi,
I'm using the db.changeUserPassword("username", "password") method to change an existing user password but upon trying the new password, I receive an "authentication failure" and I am still able to log in with the old password (see attached). What are the correct steps to change a user's password?



 Comments   
Comment by Tarpan Pathak [ 30/Mar/16 ]

Thanks Thomas. I am indeed using cloud manager and will go through the doc to reset the password. Let me also read through the upgrade doc.

Comment by Kelsey Schubert [ 30/Mar/16 ]

Hi tarpan.pathak@bydeluxe.com,

After additional investigation, my understanding is that you are using automation to manage your cluster. If that is the case, the Automation Agent may be reverting your changes to ensure consistency. Please use Cloud Manager to change the password, and confirm that the update is successfully applied.

For information about upgrading MongoDB using Cloud Manager, please review our documentation here.

Thank you,
Thomas

Comment by Tarpan Pathak [ 30/Mar/16 ]

Hi Thomas,
Here are my answers:
1. Are you attempting to authenticate into the same node where you executed db.changeUserPassword()?

  • Yes. I tried all nodes within the cluster but received the same result.
    2. Where is the user currently authenticated when you modify the password?
  • Are you referring to the user whose password is being updated or the user that is logged in to the db to update another user's password? If the latter, I'm using an admin account to update another user's password on the specified db.
    3. Is the user still logged on from before the password change, when you reattempt to authenticate using the new password?
  • I'm uncertain so ow can I verify if an existing user is logged in?
    Also, I would like to note that it appears that you may be using MongoDB 3.0.0, which was released over a year ago. I would strongly recommend upgrading to at least the latest minor version, currently MongoDB 3.0.10, to take advantage of the fixes we have backported over the past year.
  • Understood, can you send me the upgrade directions so I can read through them and schedule a window if need be.
Comment by Kelsey Schubert [ 30/Mar/16 ]

Hi tarpan.pathak@bydeluxe.com,

Thanks for the report. To get a better understanding of what is going on here, please answer the following questions:

  1. Are you attempting to authenticate into the same node where you executed db.changeUserPassword()?
  2. Where is the user currently authenticated when you modify the password?
  3. Is the user still logged on from before the password change, when you reattempt to authenticate using the new password?

Also, I would like to note that it appears that you may be using MongoDB 3.0.0, which was released over a year ago. I would strongly recommend upgrading to at least the latest minor version, currently MongoDB 3.0.10, to take advantage of the fixes we have backported over the past year.

Kind regards,
Thomas

Generated at Thu Feb 08 04:03:22 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.