[SERVER-8429] Tools cannot use SASL authentication mechanisms. Created: 31/Jan/13 Updated: 19/Mar/13 Resolved: 13/Feb/13 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security, Tools |
| Affects Version/s: | 2.3.2 |
| Fix Version/s: | 2.4.0-rc1 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Andy Schwerin | Assignee: | Andy Schwerin |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||
| Backwards Compatibility: | Major Change | ||||||||||||
| Operating System: | ALL | ||||||||||||
| Participants: | |||||||||||||
| Comments |
| Comment by auto [ 13/Feb/13 ] | |
|
Author: {u'date': u'2013-02-13T15:01:34Z', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'}Message: The affected tests depended on a behavior of mongodump and mongorestore in 2.2 The tool behavior in 2.4 is to authenticate against the target database if one | |
| Comment by Andy Schwerin [ 13/Feb/13 ] | |
|
When running a tool against a server that requires authentication, behavior has changed. In earlier versions of the tools, some of the tools would attempt to authenticate using supplied credentials against the database that the tool was acting on, and if that failed, then try against the admin (and sometimes also local) database. In 2.4, the following determines what database is the target for authentication:
| |
| Comment by auto [ 13/Feb/13 ] | |
|
Author: {u'date': u'2013-02-13T01:30:03Z', u'name': u'Tad Marshall', u'email': u'tad@10gen.com'}Message: | |
| Comment by Andy Schwerin [ 12/Feb/13 ] | |
|
Mongo shell and tools now support both a --authenticationMechanism argument, controlling the default authentication mechanism, and a --authenticationDatabase argument, controlling which database is used as the "userSource" for authentication. In the shell, this allows you to authenticate a user from one database while having the db object at startup refer to a different database. E.g.,
| |
| Comment by auto [ 12/Feb/13 ] | |
|
Author: {u'date': u'2013-01-31T22:59:23Z', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'}Message: Introduces a new overload of the auth() method of DBClientWithCommands to the The old ::auth() method remains and keeps its existing behavior. |