[SERVER-30962] Internal authentication: allow different Organisation (O) for member certificates

Created: 06/Sep/17  Updated: 30/Oct/23  Resolved: 07/Jan/19

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: 4.1.7

Type: New Feature Priority: Major - P3
Reporter: James Phelan (Inactive) Assignee: Backlog - Security Team
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Assigned Teams:
Server Security
Backwards Compatibility: Fully Compatible
Participants:
Case:

 Description   

Certain use cases exist where it is necessary to have a different Organisation (O) in x509 certificates. Some examples of these cases are:

  • A company is in the process of changing its name; as a result, there will be different organisations specified in the member certificates for a period of time.
  • A sharded cluster or replica set spans multiple organisations, each with a different organisation name.

The purpose of this feature request is to add support for certificates from multiple Organisations (O) when using x509 for internal authentication.



 Comments   
Comment by Jonathan Reams [ 07/Jan/19 ]

In SERVER-37835 we added a setParameter that lets an administrator set a fallback DN to be used for X509 cluster authentication. Currently only one DN can be specified at a time to support rolling over the DN used by the cluster without having to take the whole cluster down.
