[SERVER-48693] Add network counter for cluster authentication Created: 10/Jun/20  Updated: 29/Oct/23  Resolved: 24/Aug/20

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 4.7.0

Type: Improvement Priority: Major - P3
Reporter: Sara Golemon Assignee: Adam Cooper (Inactive)
Resolution: Fixed Votes: 0
Labels: neweng
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Problem/Incident
Backwards Compatibility: Fully Compatible
Sprint: Security 2020-07-27, Security 2020-08-10, Security 2020-08-24, Security 2020-09-07
Participants:
Linked BF Score: 43

 Description   

We currently provide counters in server status for the number of attempted and successful authentications per mechanism.

We should provide an additional counter which indicates the number of authentication attempts for intra-cluster auth.  For X.509 this means an RDN satisfying the isClusterMember() definition.  For user/password mechanisms such as SCRAM, this means authentications using the admin.__system user.

The counts in "clusterAuthenticate" will represent a subset of the total number of authentications counted by "authenticate".  We will NOT exclude them from the "authenticate" count.

Reference https://github.com/mongodb/mongo/commit/7250f407321e70bcb76bb1e21a7679670d29919d which added the existing counters for where to make these changes.

 

serverStatus:
 
security.authentication.mechanisms[$mechanism] = {
  // These two sections already exist and should not be changed.
  "authenticate": { received: ###, successful: ### },
  "speculativeAuthenticate: { received: ###, successful: ### },
 
  // This section would be new:
  "clusterAuthenticate": {
    received: NumberLong(...), // Number of authentication attempts made for __system or X.509 cluster member
    successful: NumberLong(...), // Number of the above attempts which succeeded.
  },
}



 Comments   
Comment by Githook User [ 20/Aug/20 ]

Author:

{'name': 'Adam Cooper', 'email': 'adam.cooper@mongodb.com', 'username': 'super-cooper'}

Message: SERVER-48693 Add network counter for cluster authentication
Branch: master
https://github.com/mongodb/mongo/commit/ad83ad71c3c65e0a7e8dcb0073069dbf6299b0bb

Comment by Githook User [ 19/Aug/20 ]

Author:

{'name': 'Gregory Wlodarek', 'email': 'gregory.wlodarek@mongodb.com', 'username': 'GWlodarek'}

Message: Revert "SERVER-48693 Add network counter for cluster authentication"

This reverts commit cad2d5b3ebfe416024d0276c410302e98f2b5037.
Branch: master
https://github.com/mongodb/mongo/commit/2362f32185a5868fc33b71abfe7923e4d417bb05

Comment by Githook User [ 18/Aug/20 ]

Author:

{'name': 'Adam Cooper', 'email': 'adam.cooper@mongodb.com', 'username': 'super-cooper'}

Message: SERVER-48693 Add network counter for cluster authentication
Branch: master
https://github.com/mongodb/mongo/commit/cad2d5b3ebfe416024d0276c410302e98f2b5037

Comment by Githook User [ 17/Aug/20 ]

Author:

{'name': 'Gregory Wlodarek', 'email': 'gregory.wlodarek@mongodb.com', 'username': 'GWlodarek'}

Message: Revert "SERVER-48693 Add network counter for cluster authentication"

This reverts commit 24dd72daae9e4cf59ad51910058bc111f20edbff.
Branch: master
https://github.com/mongodb/mongo/commit/3cc779415f2777223b5549d3dfd1b85eef01842b

Comment by Githook User [ 14/Aug/20 ]

Author:

{'name': 'Adam Cooper', 'email': 'adam.cooper@mongodb.com', 'username': 'super-cooper'}

Message: SERVER-48693 Add network counter for cluster authentication
Branch: master
https://github.com/mongodb/mongo/commit/24dd72daae9e4cf59ad51910058bc111f20edbff

Generated at Thu Feb 08 05:17:50 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.