[SERVER-41069] Ability to disable authorization via x509 extensions Created: 09/May/19  Updated: 29/Oct/23  Resolved: 11/Jun/19

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: 3.4.22, 3.6.14, 4.0.11, 4.2.0-rc3, 4.3.1

Type: New Feature Priority: Major - P3
Reporter: Cory Mintz Assignee: Jonathan Reams
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Depends
Documented
is documented by DOCS-12796 Docs for SERVER-41069: Ability to dis... Closed
Related
Backwards Compatibility: Fully Compatible
Backport Requested:
v4.2, v4.0, v3.6, v3.4
Sprint: Security 2019-06-17
Participants:

 Description   

The MONGODB-X509 auth mechanism has support for specifying user authorizations via a x509 extension in the client certificate.

When managing a database where I want to control the user authorizations, but I want the user to be able to issue their own client certificates, it is desirable to be able to disable this feature.



 Comments   
Comment by Githook User [ 10/Jul/19 ]

Author:

{'name': 'Jonathan Reams', 'email': 'jbreams@mongodb.com', 'username': 'jbreams'}

Message: SERVER-41069 Add option to disable embedded roles from X509 certificates

(cherry picked from commit 85ec26ff72f4029c52c40fab796ad53533828e60)
(cherry picked from commit 20c801587e1dab2d9cb2d468a4b10e3549d91e24)
(cherry picked from commit c0f9667715e87634ba3d8d956e8bc9ae752518cf)
Branch: v3.6
https://github.com/mongodb/mongo/commit/727b84641088ff5b7c6908dea7139afa2e4695d0

Comment by Githook User [ 10/Jul/19 ]

Author:

{'name': 'Jonathan Reams', 'username': 'jbreams', 'email': 'jbreams@mongodb.com'}

Message: SERVER-41069 Add option to disable embedded roles from X509 certificates

(cherry picked from commit 85ec26ff72f4029c52c40fab796ad53533828e60)
(cherry picked from commit 20c801587e1dab2d9cb2d468a4b10e3549d91e24)
(cherry picked from commit c0f9667715e87634ba3d8d956e8bc9ae752518cf)
(cherry picked from commit 727b84641088ff5b7c6908dea7139afa2e4695d0)
Branch: v3.4
https://github.com/mongodb/mongo/commit/6dfb1512ab0a47fb9059f76831f0234a3d4e4679

Comment by Githook User [ 10/Jul/19 ]

Author:

{'name': 'Jonathan Reams', 'email': 'jbreams@mongodb.com', 'username': 'jbreams'}

Message: SERVER-41069 Add option to disable embedded roles from X509 certificates

(cherry picked from commit 85ec26ff72f4029c52c40fab796ad53533828e60)
(cherry picked from commit 20c801587e1dab2d9cb2d468a4b10e3549d91e24)
Branch: v4.0
https://github.com/mongodb/mongo/commit/c0f9667715e87634ba3d8d956e8bc9ae752518cf

Comment by Githook User [ 08/Jul/19 ]

Author:

{'name': 'Jonathan Reams', 'email': 'jbreams@mongodb.com', 'username': 'jbreams'}

Message: SERVER-41069 Add option to disable embedded roles from X509 certificates

(cherry picked from commit 85ec26ff72f4029c52c40fab796ad53533828e60)
Branch: v4.2
https://github.com/mongodb/mongo/commit/20c801587e1dab2d9cb2d468a4b10e3549d91e24

Comment by Githook User [ 11/Jun/19 ]

Author:

{'name': 'Jonathan Reams', 'email': 'jbreams@mongodb.com', 'username': 'jbreams'}

Message: SERVER-41069 Add option to disable embedded roles from X509 certificates
Branch: master
https://github.com/mongodb/mongo/commit/85ec26ff72f4029c52c40fab796ad53533828e60

Comment by Sara Williamson [ 13/May/19 ]

cory.mintz what is the timeline on this?

Generated at Thu Feb 08 04:56:44 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.