[SERVER-39128] Avoid double-authentication during connect from mongo shell
Created: 22/Jan/19  Updated: 29/Oct/23  Resolved: 26/Jan/19

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 4.0.7, 4.1.8

Type: Improvement
Priority: Major - P3
Reporter: Sara Golemon
Assignee: Sara Golemon
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Related
Backwards Compatibility: Fully Compatible
Backport Requested: v4.0
Sprint: Security 2019-01-28
Participants:
Linked BF Score: 5

 Description   

When launching the shell with a username/password specified, either by way of a mongodb:// URI or by passing -user/-password parameters, we see two authentications performed.

The first is the result of a call to MongoURI::connect(), which contains a call to DBClientBase::auth().
The second is via db.auth() in the JavaScript layer.

This results in multiple round-trips for the extra auth and, in the case of Enterprise users, multiple "authenticate" entries in the audit log.
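
The duplicate audit entries described above can be spotted from the log side. The following Node.js code is an added example, not code from this ticket or from MongoDB: it scans a JSON audit log (one event per line) and reports any connection that logged more than one successful "authenticate" event for the same user and database. It assumes the remote ip:port pair identifies a connection, that lines are in chronological order, and a 5-second grouping window; the names mk, SAMPLE_AUDIT_LOG and findRepeatedAuth are hypothetical and the sample events are constructed.

```javascript
// Constructed sample events in MongoDB's JSON audit-log layout (one object per line).
const mk = (time, ip, port, user, result) => JSON.stringify({
  atype: "authenticate",
  ts: { $date: `2019-01-22T10:00:${time}+0000` },
  local: { ip: "127.0.0.1", port: 27017 },
  remote: { ip, port },
  users: [], roles: [],
  param: { user, db: "admin", mechanism: "SCRAM-SHA-1" },
  result,
});
const SAMPLE_AUDIT_LOG = [
  mk("00.100", "127.0.0.1", 50112, "alice", 0), // shell connect: first auth
  mk("00.180", "127.0.0.1", 50112, "alice", 0), // same connection: second auth
  mk("01.000", "10.0.0.5", 40022, "bob", 0),    // single auth, not reported
  mk("02.000", "10.0.0.6", 40100, "carol", 18), // failed attempt (non-zero result)
  mk("02.500", "10.0.0.6", 40100, "carol", 0),  // then one success, not reported
  '{"atype":"authenticate","ts":',               // truncated line, skipped
].join("\n");

// Return one record per (remote ip, remote port, db, user) that logged two or
// more successful authentications within windowMs of the first one.
// Assumption: the client's ip:port pair stands in for the connection identity.
function findRepeatedAuth(logText, windowMs = 5000) {
  const latest = new Map(); // key -> most recent group for that connection/user
  const all = [];           // every group, so earlier windows are not lost
  for (const line of logText.split("\n")) {
    let ev;
    try { ev = JSON.parse(line); } catch (e) { continue; } // skip malformed lines
    if (!ev || ev.atype !== "authenticate" || ev.result !== 0) continue;
    const { ip, port } = ev.remote || {};
    const { user, db } = ev.param || {};
    // Normalize a "+0000" style offset to "+00:00" so Date.parse accepts it.
    const raw = String(ev.ts && ev.ts.$date).replace(/([+-]\d{2})(\d{2})$/, "$1:$2");
    const ts = Date.parse(raw);
    if (Number.isNaN(ts)) continue;
    const key = JSON.stringify([ip, port, db, user]);
    let g = latest.get(key);
    if (!g || ts - g.first > windowMs) {
      g = { remote: `${ip}:${port}`, user, db, first: ts, count: 0 };
      latest.set(key, g);
      all.push(g);
    }
    g.count += 1;
  }
  return all.filter((g) => g.count > 1);
}

console.log(findRepeatedAuth(SAMPLE_AUDIT_LOG));
```

A failed attempt followed by one success is not reported, since only events with result 0 are counted.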



 Comments   
Comment by Githook User [ 06/Feb/19 ]

Author: Sara Golemon (sgolemon) <sara.golemon@mongodb.com>

Message: SERVER-39128 Avoid double-authentication

(cherry picked from commit 82e05d6c201fa59223aa40340a5d4ad84b32ac65)
(cherry picked from commit ac2279fdb62d64555e55077ba1113940a24afb04)
Branch: v4.0
https://github.com/mongodb/mongo/commit/4fe2030a4d04c6c7c6a041275d37ad72923e2875

Comment by Githook User [ 30/Jan/19 ]

Author: Sara Golemon (sgolemon) <sara.golemon@mongodb.com>

Message: SERVER-39128 Restore defaults propagation in dbshell
Branch: master
https://github.com/mongodb/mongo/commit/ac2279fdb62d64555e55077ba1113940a24afb04

Comment by Githook User [ 26/Jan/19 ]

Author: Sara Golemon (sgolemon) <sara.golemon@mongodb.com>

Message: SERVER-39128 Avoid double-authentication
Branch: master
https://github.com/mongodb/mongo/commit/82e05d6c201fa59223aa40340a5d4ad84b32ac65

Comment by Githook User [ 26/Jan/19 ]

Author: Sara Golemon (sgolemon) <sara.golemon@mongodb.com>

Message: SERVER-39128 Test for double-authentication in audit log
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/516389a1f9a0012059e242e60648da1e6c5ae522
