[SERVER-61426] Legacy mongo shell sends authenticate command with database "admin" for X.509 Created: 11/Nov/21 Updated: 29/Oct/23 Resolved: 14/Feb/22 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 5.3.0 |
| Type: | Bug | Priority: | Minor - P4 |
| Reporter: | Divjot Arora (Inactive) | Assignee: | Sara Golemon |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Backwards Compatibility: | Fully Compatible | ||||
| Operating System: | ALL | ||||
| Backport Requested: |
v5.0, v4.4
|
||||
| Sprint: | Security 2022-01-10, Security 2022-01-24, Security 2022-02-07, Security 2022-02-21 | ||||
| Participants: | |||||
| Description |
|
Based on some server-side logging, I see that using the legacy mongo shell v5.0.2 to connect with X.509 auth sends an "authenticate" command with the $db value set to "admin". This is how I'm connecting:
Using this against a locally running mongod succeeds, but interestingly, if I try to manually run such a command once authenticated, it fails as expected:
|
| Comments |
| Comment by Githook User [ 11/Feb/22 ] |
|
Author: {'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com', 'username': 'sgolemon'}Message: |