<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 03:11:35 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-6406] Add authentication module</title>
                <link>https://jira.mongodb.org/browse/SERVER-6406</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description></description>
                <environment></environment>
        <key id="43935">SERVER-6406</key>
            <summary>Add authentication module</summary>
                <type id="2" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14711&amp;avatarType=issuetype">New Feature</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="3">Duplicate</resolution>
                                        <assignee username="schwerin@mongodb.com">Andy Schwerin</assignee>
                                    <reporter username="ian@mongodb.com">Ian Whalen</reporter>
                        <labels>
                    </labels>
                <created>Wed, 11 Jul 2012 15:56:57 +0000</created>
                <updated>Tue, 16 Nov 2021 13:19:31 +0000</updated>
                            <resolved>Wed, 3 Oct 2012 17:11:15 +0000</resolved>
                                                                    <component>Security</component>
                                        <votes>1</votes>
                                    <watches>3</watches>
                                                                                                                <comments>
                            <comment id="171018" author="schwerin" created="Wed, 3 Oct 2012 17:11:16 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-7115&quot; title=&quot;Modular Authentication support&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-7115&quot;&gt;&lt;del&gt;SERVER-7115&lt;/del&gt;&lt;/a&gt; tracks progress on this issue.&lt;/p&gt;</comment>
                            <comment id="171017" author="schwerin" created="Wed, 3 Oct 2012 17:10:53 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-7115&quot; title=&quot;Modular Authentication support&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-7115&quot;&gt;&lt;del&gt;SERVER-7115&lt;/del&gt;&lt;/a&gt; tracks progress on this feature.&lt;/p&gt;</comment>
                            <comment id="160884" author="schwerin" created="Wed, 5 Sep 2012 21:46:05 +0000"  >&lt;p&gt;@David, thanks for the clarification.  The current authentication mechanism in Mongo doesn&apos;t (to the best of my recollection) support transmitting the password at all, except when setting the shared secret in the create-user process.  As a result, it would require client modification to support externalizing password validation through PAM.  However, point taken, and we will at least consider PAM support.&lt;/p&gt;</comment>
                            <comment id="160879" author="david.mclennan@barclays.com" created="Wed, 5 Sep 2012 21:42:27 +0000"  >&lt;p&gt;For windows, sadly PAM is not naively available - however it would be reasonable to just use Kerberos via GSSAPI (which wraps the SSPI - please see here &lt;a href=&quot;http://msdn.microsoft.com/en-us/library/windows/desktop/aa380496(v=vs.85).aspx&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://msdn.microsoft.com/en-us/library/windows/desktop/aa380496(v=vs.85).aspx&lt;/a&gt;) since that&apos;s how the vast majority of windows services authenticate today.&lt;/p&gt;</comment>
                            <comment id="160850" author="david.mclennan@barclays.com" created="Wed, 5 Sep 2012 21:08:09 +0000"  >&lt;p&gt;@Andy, you are correct - the PAM stack is geared towards servicing username/password authentication and does not support the notion of ticket management (including encrypted transmission between the client &amp;amp; server) natively.  It does support authenticating user names &amp;amp; passwords via kerberos on the server side via pam_krb5 (which essentially takes the username &amp;amp; password and runs a kinit on the server side with them, if a TGT can be acquired, then its successful).&lt;/p&gt;

&lt;p&gt;Other vendors we work with support a &quot;dual authentication&quot; strategy where the server supports PAM for username and password authentication, and separately Kerberos for the client and server using the GSSAPI, which is available on all modern windows and unix distributions.&lt;/p&gt;

&lt;p&gt;PAM support for username/password authentication involves no work on the client, and a very modest amount of work on the server to externalize the authentication call to PAM.  (Note that most sites have the additional requirement that the password not be transmitted by the client to the server in clear text).&lt;/p&gt;

&lt;p&gt;Kerberos / GSSAPI support for username/password authentication involves work on both the client and server sides to make the necessary GSSAPI calls to acquire the necessary service tickets from the TGT credential cache and transmit that to the server in a secure manner.&lt;/p&gt;
</comment>
                            <comment id="159589" author="schwerin" created="Fri, 31 Aug 2012 22:08:49 +0000"  >&lt;p&gt;@David, it&apos;s a good idea.  However, as I understand it, PAM&apos;s kerberos support is geared towards initial logins &amp;#8211; obtaining a ticket granting ticket &amp;#8211; rather than obtaining a service ticket, as you would do when connecting to an IMAP server or database.  Suppose you&apos;re logged into your client machine, C.  The Mongo instance is running on machine S.  You have already obtained your TGT and it&apos;s cached on machine C.  You fire up the mongo shell, and wish to authenticate to the mongo instance on S.  How do you use PAM to get your service ticket, and provide it to the mongo instance on S?&lt;/p&gt;</comment>
                            <comment id="159499" author="david.mclennan@barclays.com" created="Fri, 31 Aug 2012 18:39:13 +0000"  >&lt;p&gt;Consider externalizing your authentication calls with PAM.  This would allow customers the flexibility of choosing what actual authentication mechanism to use via the pam configuration, and keep things in MongoDB lightweight.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                                                <inwardlinks description="is depended on by">
                                        <issuelink>
            <issuekey id="43936">SERVER-6407</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="20946">SERVER-3591</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10010">
                    <name>Duplicate</name>
                                            <outwardlinks description="duplicates">
                                        <issuelink>
            <issuekey id="51249">SERVER-7115</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="50532">SERVER-7042</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>7.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Fri, 31 Aug 2012 18:39:13 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        11 years, 20 weeks ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>false</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>luke.bonanomi@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            11 years, 20 weeks ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10000" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Old_Backport</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10000"><![CDATA[No]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>schwerin@mongodb.com</customfieldvalue>
            <customfieldvalue>david.mclennan@barclays.com</customfieldvalue>
            <customfieldvalue>ian@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrnw9j:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hrg40v:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>7556</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hsa1of:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>