[SERVER-54136] Make the authenticate command respect enforceUserClusterSeparation Created: 29/Jan/21 Updated: 29/Oct/23 Resolved: 18/Feb/21 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 4.9.0, 4.4.5, 4.0.24, 4.2.14 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Spencer Jackson | Assignee: | Benjamin Caimano (Inactive) |
| Resolution: | Fixed | Votes: | 1 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||||||||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||||||||||||||||||||||||||||||
| Operating System: | ALL | ||||||||||||||||||||||||||||||||||||
| Backport Requested: |
v4.4, v4.2, v4.0
|
||||||||||||||||||||||||||||||||||||
| Sprint: | Security 2021-02-22 | ||||||||||||||||||||||||||||||||||||
| Participants: | |||||||||||||||||||||||||||||||||||||
| Case: | (copied to CRM) | ||||||||||||||||||||||||||||||||||||
| Description |
|
The enforceUserClusterSeparation setParameter introduced by We should disable the equivalent checks in the authenticate command when this parameter is active, allowing "cluster member" certificates to authenticate as users stored in the $external database. We should also validate why tests introduced by |
| Comments |
| Comment by Benjamin Caimano (Inactive) [ 19/Mar/21 ] |
|
Author: {'name': 'Ben Caimano', 'email': 'ben.caimano@10gen.com'}Message: (Regrettably attached the wrong jira ticket.) |
| Comment by Githook User [ 19/Mar/21 ] |
|
Author: {'name': 'Ben Caimano', 'email': 'ben.caimano@10gen.com'}Message: |
| Comment by Githook User [ 16/Mar/21 ] |
|
Author: {'name': 'Ben Caimano', 'email': 'ben.caimano@10gen.com'}Message: (cherry picked from commit 664eacb0a0924e6a9ab2d2043e0326946f027a39) |
| Comment by Githook User [ 15/Mar/21 ] |
|
Author: {'name': 'Ben Caimano', 'email': 'ben.caimano@10gen.com'}Message: |
| Comment by Simon Levesque [ 15/Mar/21 ] |
|
The big issue is that we were waiting for a long time on In other words, that is a blocker for us and we need that fix asap. thanks |
| Comment by Salman Baset [ 15/Mar/21 ] |
|
We are working on a back port for 4.0 and expect to deliver it in July time frame. |
| Comment by Githook User [ 18/Feb/21 ] |
|
Author: {'name': 'Ben Caimano', 'email': 'ben.caimano@10gen.com'}Message: |