[SERVER-52945] [auth] Make mongod use x509 auth on egress connections if NetworkInterface has SSLConnectionContext override even if other egress connections use keyFile auth
Created: 19/Nov/20 | Updated: 29/Oct/23 | Resolved: 11/Dec/20
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Replication |
| Affects Version/s: | None |
| Fix Version/s: | 4.9.0 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Esha Maharishi (Inactive) | Assignee: | Mark Benvenuto |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | pm-1791_milestone-P |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Backwards Compatibility: | Fully Compatible |
| Sprint: | Security 2020-11-30, Security 2020-12-14 |
| Participants: |
| Description |
|
In serverless, the replica sets will use keyFile auth on outgoing connections to each other, but will use x509 auth to authenticate external clients. When a donor and recipient replica set talk to each other, they will authenticate to each other as external clients, so they need to use x509 auth on their outgoing connections to each other even though they will continue to use keyFile auth on their outgoing connections to their own replica set members. Mongod does not currently support using a mix of keyFile and x509 auth on outgoing connections; this ticket is to add this support.
| Comments |
| Comment by Githook User [ 11/Dec/20 ] |
|
Author: {'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'} Message: |