<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 08:06:59 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[DOCS-13117] X.509 auth page does not state that a user with credentials may be  required</title>
                <link>https://jira.mongodb.org/browse/DOCS-13117</link>
                <project id="10380" key="DOCS">Documentation</project>
                    <description>&lt;h2&gt;&lt;a name=&quot;Description&quot;&gt;&lt;/a&gt;Description&lt;/h2&gt;

&lt;p&gt;I attempted to follow the instructions in &lt;a href=&quot;https://docs.mongodb.com/manual/tutorial/configure-x509-client-authentication/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://docs.mongodb.com/manual/tutorial/configure-x509-client-authentication/&lt;/a&gt; to configure x.509 authentication. This was on a brand new deployment created with mlaunch &lt;b&gt;which had no existing users&lt;/b&gt;. My idea was to create the first and only user with x.509 authentication.&lt;/p&gt;

&lt;p&gt;However, when attempting to create the user (or run other administrative commands), the server always replied with &quot;unauthorized&quot; error even though I have not enabled auth.&lt;/p&gt;

&lt;p&gt;Investigating this, I believe the following occurred:&lt;/p&gt;
&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;mlaunch uses --keyFile option to set up cluster authentication.&lt;/li&gt;
	&lt;li&gt;Per &lt;a href=&quot;https://docs.mongodb.com/manual/tutorial/deploy-replica-set-with-keyfile-access-control/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://docs.mongodb.com/manual/tutorial/deploy-replica-set-with-keyfile-access-control/&lt;/a&gt;, this enables authentication for clients as well, subject to the &quot;localhost interface exception&quot;.&lt;/li&gt;
	&lt;li&gt;&lt;a href=&quot;https://docs.mongodb.com/manual/core/security-users/#localhost-exception&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://docs.mongodb.com/manual/core/security-users/#localhost-exception&lt;/a&gt; talks about this exception, and specifically mentions that &quot;Changed in version 3.0: The localhost exception changed so that these connections only have access to create the first user on the admin database.&quot;&lt;/li&gt;
	&lt;li&gt;Since the x.509 user is created on $external database, this call to create the user failed.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Therefore it is my impression that in order to create an x.509 user, when the deployment uses member authentication, one must already have another user with credentials (stored in admin database) created. This is not mentioned in &lt;a href=&quot;https://docs.mongodb.com/manual/tutorial/configure-x509-client-authentication/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://docs.mongodb.com/manual/tutorial/configure-x509-client-authentication/&lt;/a&gt;.&lt;/p&gt;
&lt;h2&gt;&lt;a name=&quot;Scopeofchanges&quot;&gt;&lt;/a&gt;Scope of changes&lt;/h2&gt;
&lt;ul&gt;
	&lt;li&gt;Re-validate x.509 tutorial and confirm additional step required in 4.2, 4.0, 3.6&lt;/li&gt;
	&lt;li&gt;Check w/ security if there are additional workarounds here&lt;/li&gt;
	&lt;li&gt;Document and backport&lt;/li&gt;
&lt;/ul&gt;


&lt;h2&gt;&lt;a name=&quot;ImpacttoOtherDocs&quot;&gt;&lt;/a&gt;Impact to Other Docs&lt;/h2&gt;

&lt;p&gt;Given that LDAP users are also created on &lt;tt&gt;$external&lt;/tt&gt; I can only assume this issue also applies there. LDAP is a bit of a beast, so &lt;b&gt;if&lt;/b&gt; this behavior is intentional and generally true we may need to open up additional tickets to fix this.&lt;/p&gt;
&lt;h2&gt;&lt;a name=&quot;MVP%28WorkandDate%29&quot;&gt;&lt;/a&gt;MVP (Work and Date)&lt;/h2&gt;
&lt;h2&gt;&lt;a name=&quot;Resources%28ScopeorDesignDocs%2CInvision%2Cetc.%29&quot;&gt;&lt;/a&gt;Resources (Scope or Design Docs, Invision, etc.)&lt;/h2&gt;</description>
                <environment></environment>
        <key id="969938">DOCS-13117</key>
            <summary>X.509 auth page does not state that a user with credentials may be  required</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="4" iconUrl="https://jira.mongodb.org/images/icons/priorities/minor.svg">Minor - P4</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="2">Won&apos;t Fix</resolution>
                                        <assignee username="emet.ozar@mongodb.com">Emet Ozar</assignee>
                                    <reporter username="oleg.pudeyev@mongodb.com">Oleg Pudeyev</reporter>
                        <labels>
                            <label>docs-investigating</label>
                    </labels>
                <created>Tue, 15 Oct 2019 03:57:14 +0000</created>
                <updated>Mon, 30 Oct 2023 22:18:48 +0000</updated>
                            <resolved>Mon, 31 Oct 2022 16:23:30 +0000</resolved>
                                                    <fixVersion>Server_Docs_20231030</fixVersion>
                                    <component>manual</component>
                        <due>Fri, 11 Sep 2020 00:00:00 +0000</due>
                            <votes>0</votes>
                                    <watches>8</watches>
                                                                                                                <comments>
                            <comment id="4940423" author="edu.bot" created="Mon, 31 Oct 2022 16:05:10 +0000"  >&lt;p&gt;Hello! This ticket has been closed due to inactivity. If you believe this ticket is still important, please reopen it and leave a comment to explain why. Thank you!&lt;/p&gt;</comment>
                            <comment id="3426808" author="oleg.pudeyev" created="Mon, 5 Oct 2020 22:13:45 +0000"  >&lt;p&gt;Assigning to myself for tracking, will assign to &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=jason.price&quot; class=&quot;user-hover&quot; rel=&quot;jason.price&quot;&gt;jason.price&lt;/a&gt; when done investigating.&lt;/p&gt;</comment>
                            <comment id="3384493" author="oleg.pudeyev" created="Thu, 10 Sep 2020 00:32:46 +0000"  >&lt;p&gt;In the description of the ticket I stated that mlaunch uses --keyFile option which enables authentication. I don&apos;t see this option being provided in the subsequent tests performed.&lt;/p&gt;

&lt;p&gt;I do not see this option referenced in &lt;a href=&quot;https://docs.mongodb.com/manual/tutorial/configure-x509-client-authentication/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://docs.mongodb.com/manual/tutorial/configure-x509-client-authentication/&lt;/a&gt; either, therefore perhaps the issue is really an mlaunch one.&lt;/p&gt;

&lt;p&gt;I am also confused why this ticket is marked fixed when it appears that no changes were made. What was the fix?&lt;/p&gt;</comment>
                            <comment id="3383652" author="JIRAUSER1254808" created="Wed, 9 Sep 2020 18:01:20 +0000"  >&lt;p&gt;No doc update needed.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="959532">RUBY-1949</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>4.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Tue, 15 Oct 2019 22:55:29 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        1 year, 14 weeks, 2 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10857" key="com.pyxis.greenhopper.jira:gh-epic-link">
                        <customfieldname>Epic Link</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>DOCSP-1769</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>false</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>emet.ozar@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            1 year, 14 weeks, 2 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>edu.bot</customfieldvalue>
            <customfieldvalue>emet.ozar@mongodb.com</customfieldvalue>
            <customfieldvalue>jason.price@mongodb.com</customfieldvalue>
            <customfieldvalue>oleg.pudeyev@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hvxjtb:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hvm15j:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="4286">ServerDocs2020: Aug31 - Sep07</customfieldvalue>
    <customfieldvalue id="4303">ServerDocs2020: Sep8 - Sep14</customfieldvalue>
    <customfieldvalue id="4315">ServerDocs2020: Sep14 - Sep21</customfieldvalue>
    <customfieldvalue id="4320">ServerDocs2020: Sep21 - Sep28</customfieldvalue>
    <customfieldvalue id="4332">ServerDocs2020: Sep28 - Oct5</customfieldvalue>
    <customfieldvalue id="4352">ServerDocs2020: Oct5 - Oct12</customfieldvalue>
    <customfieldvalue id="4354">ServerDocs2020: Oct13 - Oct19</customfieldvalue>
    <customfieldvalue id="4369">ServerDocs2020: Oct20 - Oct27</customfieldvalue>
    <customfieldvalue id="4374">ServerDocs2020: Oct27 - Nov3</customfieldvalue>
    <customfieldvalue id="4387">ServerDocs2020: Nov3 - Nov 10</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hvx62n:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                </customfields>
    </item>
</channel>
</rss>