<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 03:12:08 UTC 2024

-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>
    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-6591] Localhost authentication exception doesn&apos;t work right on sharded cluster</title>
                <link>https://jira.mongodb.org/browse/SERVER-6591</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;If you have a sharded cluster all running on one machine, in 2.0 if you connect to the mongos via localhost and there are no admin users then it allows you full access to the mongos.  Since the connections between mongos and mongod have full access anyway, this gives you full access to the cluster.&lt;/p&gt;

&lt;p&gt;In 2.1.2+, however, authentication for commands is done on the mongods, with the credentials passed from mongos.  Some machines will not consider the connection from the mongos to the mongods to be a localhost connection if the cluster was configured using the machine&apos;s hostname.  This means that even though you connect to mongos on a local connection, some commands might still fail.&lt;/p&gt;

&lt;p&gt;On the other hand, some machines DO recognize the connection between mongos and mongod as a localhost connection.  On those machines if you add an admin user to the cluster, which should close the localhost backdoor, commands that are passed through to the mongods directly can still succeed, even without write authorization.  In order to disable the localhost exception completely, you need to add admin users to each shard directly.&lt;/p&gt;

&lt;p&gt;This only affects clusters that are all running on the same machine, so it&apos;s not really a security hole, it&apos;s more a problem for our test infrastructure because it makes the behavior of authentication in tests vary based on which machine the tests are run on, and whether or not the connections between the mongos and mongods get considered local or not (seems to be related to whether the hostname for itself on the machine resolves to 127.0.0.1, or to the machine&apos;s public IP address). &lt;/p&gt;</description>
                <environment></environment>
        <key id="45340">SERVER-6591</key>
            <summary>Localhost authentication exception doesn&apos;t work right on sharded cluster</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="spencer@mongodb.com">Spencer Brody</assignee>
                                    <reporter username="spencer@mongodb.com">Spencer Brody</reporter>
                        <labels>
                    </labels>
                <created>Wed, 25 Jul 2012 16:14:28 +0000</created>
                <updated>Tue, 27 Oct 2015 14:38:50 +0000</updated>
                            <resolved>Tue, 20 Nov 2012 19:55:33 +0000</resolved>
                                    <version>2.2.0-rc0</version>
                                    <fixVersion>2.2.4</fixVersion>
                    <fixVersion>2.3.1</fixVersion>
                                    <component>Security</component>
                    <component>Sharding</component>
                                        <votes>1</votes>
                                    <watches>6</watches>
                                                                                                                <comments>
                            <comment id="296700" author="auto" created="Sat, 23 Mar 2013 19:03:40 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;date&apos;: u&apos;2013-03-23T19:03:05Z&apos;, u&apos;name&apos;: u&apos;Tad Marshall&apos;, u&apos;email&apos;: u&apos;tad@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-6591&quot; title=&quot;Localhost authentication exception doesn&amp;#39;t work right on sharded cluster&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-6591&quot;&gt;&lt;del&gt;SERVER-6591&lt;/del&gt;&lt;/a&gt; Visual Studio &amp;#8211; adapt to renamed and added files&lt;br/&gt;
Branch: v2.2&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/8e252ca206118f3b64ccef4e857e2e84c26a10e0&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/8e252ca206118f3b64ccef4e857e2e84c26a10e0&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="277372" author="auto" created="Wed, 27 Feb 2013 19:09:57 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;date&apos;: u&apos;2013-02-27T19:08:06Z&apos;, u&apos;name&apos;: u&apos;Spencer T Brody&apos;, u&apos;email&apos;: u&apos;spencer@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-6591&quot; title=&quot;Localhost authentication exception doesn&amp;#39;t work right on sharded cluster&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-6591&quot;&gt;&lt;del&gt;SERVER-6591&lt;/del&gt;&lt;/a&gt; Fix localhostAuthBypass tests to work on 2.2, where GLE requires auth to run&lt;br/&gt;
Branch: v2.2&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/cd6d81d6db45da1df6ad5b357d23d7b1e2f514ca&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/cd6d81d6db45da1df6ad5b357d23d7b1e2f514ca&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="277371" author="auto" created="Wed, 27 Feb 2013 19:09:55 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;date&apos;: u&apos;2013-02-11T23:06:33Z&apos;, u&apos;name&apos;: u&apos;Spencer T Brody&apos;, u&apos;email&apos;: u&apos;spencer@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-6591&quot; title=&quot;Localhost authentication exception doesn&amp;#39;t work right on sharded cluster&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-6591&quot;&gt;&lt;del&gt;SERVER-6591&lt;/del&gt;&lt;/a&gt; Fix test&lt;br/&gt;
Branch: v2.2&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/206bd9372623375aee7bd1c67520d93f96508105&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/206bd9372623375aee7bd1c67520d93f96508105&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="277370" author="auto" created="Wed, 27 Feb 2013 19:09:52 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;date&apos;: u&apos;2013-02-11T18:28:07Z&apos;, u&apos;name&apos;: u&apos;Craig Wilson&apos;, u&apos;email&apos;: u&apos;craiggwilson@gmail.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-6591&quot; title=&quot;Localhost authentication exception doesn&amp;#39;t work right on sharded cluster&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-6591&quot;&gt;&lt;del&gt;SERVER-6591&lt;/del&gt;&lt;/a&gt;: added tests for bypassing authentication when connected with a localhost to a server that has no admin users.&lt;br/&gt;
Branch: v2.2&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/8cadee62dea7b2db8acb07e9eb5e6bb87f18d9c8&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/8cadee62dea7b2db8acb07e9eb5e6bb87f18d9c8&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="277369" author="auto" created="Wed, 27 Feb 2013 19:09:50 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;date&apos;: u&apos;2012-11-20T15:47:02Z&apos;, u&apos;name&apos;: u&apos;Spencer T Brody&apos;, u&apos;email&apos;: u&apos;spencer@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-6591&quot; title=&quot;Localhost authentication exception doesn&amp;#39;t work right on sharded cluster&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-6591&quot;&gt;&lt;del&gt;SERVER-6591&lt;/del&gt;&lt;/a&gt; Don&apos;t query config server when running with noauth&lt;br/&gt;
Branch: v2.2&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/57ffb2b9993859213f6bc7cb8e664548377f6445&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/57ffb2b9993859213f6bc7cb8e664548377f6445&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="277368" author="auto" created="Wed, 27 Feb 2013 19:09:48 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;date&apos;: u&apos;2012-11-17T01:44:21Z&apos;, u&apos;name&apos;: u&apos;Spencer T Brody&apos;, u&apos;email&apos;: u&apos;spencer@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-6591&quot; title=&quot;Localhost authentication exception doesn&amp;#39;t work right on sharded cluster&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-6591&quot;&gt;&lt;del&gt;SERVER-6591&lt;/del&gt;&lt;/a&gt; Fix localhost auth exception in sharded systems&lt;br/&gt;
Branch: v2.2&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/b4e33ce1ba54c6bfa4ff9ae0bd144d674e11c883&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/b4e33ce1ba54c6bfa4ff9ae0bd144d674e11c883&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="263608" author="auto" created="Mon, 11 Feb 2013 23:12:46 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;date&apos;: u&apos;2013-02-11T23:06:33Z&apos;, u&apos;name&apos;: u&apos;Spencer T Brody&apos;, u&apos;email&apos;: u&apos;spencer@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-6591&quot; title=&quot;Localhost authentication exception doesn&amp;#39;t work right on sharded cluster&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-6591&quot;&gt;&lt;del&gt;SERVER-6591&lt;/del&gt;&lt;/a&gt; Fix test&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/331ca28913a345af97ddd1bca5bcfe423f40789e&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/331ca28913a345af97ddd1bca5bcfe423f40789e&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="263356" author="auto" created="Mon, 11 Feb 2013 18:34:48 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;date&apos;: u&apos;2013-02-11T18:34:42Z&apos;, u&apos;name&apos;: u&apos;Spencer Brody&apos;, u&apos;email&apos;: u&apos;spencer@10gen.com&apos;}
&lt;p&gt;Message: Merge pull request #374 from craiggwilson/server6591&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-6591&quot; title=&quot;Localhost authentication exception doesn&amp;#39;t work right on sharded cluster&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-6591&quot;&gt;&lt;del&gt;SERVER-6591&lt;/del&gt;&lt;/a&gt;: added tests for bypassing authentication when connected wit...&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/918799b280d9920bc916f2e28e6dea37a3c86bfc&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/918799b280d9920bc916f2e28e6dea37a3c86bfc&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="263355" author="auto" created="Mon, 11 Feb 2013 18:34:46 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;date&apos;: u&apos;2013-02-11T18:28:07Z&apos;, u&apos;name&apos;: u&apos;Craig Wilson&apos;, u&apos;email&apos;: u&apos;craiggwilson@gmail.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-6591&quot; title=&quot;Localhost authentication exception doesn&amp;#39;t work right on sharded cluster&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-6591&quot;&gt;&lt;del&gt;SERVER-6591&lt;/del&gt;&lt;/a&gt;: added tests for bypassing authentication when connected with a localhost to a server that has no admin users.&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/ae5f92aec64a2e65091cb53c4edfd77a12abacbf&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/ae5f92aec64a2e65091cb53c4edfd77a12abacbf&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="194955" author="auto" created="Tue, 20 Nov 2012 18:22:27 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;date&apos;: u&apos;2012-11-20T15:47:02Z&apos;, u&apos;email&apos;: u&apos;spencer@10gen.com&apos;, u&apos;name&apos;: u&apos;Spencer T Brody&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-6591&quot; title=&quot;Localhost authentication exception doesn&amp;#39;t work right on sharded cluster&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-6591&quot;&gt;&lt;del&gt;SERVER-6591&lt;/del&gt;&lt;/a&gt; Don&apos;t query config server when running with noauth&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/dac93da27163d2c1e0978a44ec814caaa80c5428&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/dac93da27163d2c1e0978a44ec814caaa80c5428&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="194954" author="auto" created="Tue, 20 Nov 2012 18:22:25 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;date&apos;: u&apos;2012-11-17T01:44:21Z&apos;, u&apos;email&apos;: u&apos;spencer@10gen.com&apos;, u&apos;name&apos;: u&apos;Spencer T Brody&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-6591&quot; title=&quot;Localhost authentication exception doesn&amp;#39;t work right on sharded cluster&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-6591&quot;&gt;&lt;del&gt;SERVER-6591&lt;/del&gt;&lt;/a&gt; Fix localhost auth exception in sharded systems&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/85abee65027409182c318d22aa79fd224e6b311c&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/85abee65027409182c318d22aa79fd224e6b311c&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="194779" author="auto" created="Tue, 20 Nov 2012 14:51:17 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;date&apos;: u&apos;2012-11-20T14:43:01Z&apos;, u&apos;email&apos;: u&apos;milkie@10gen.com&apos;, u&apos;name&apos;: u&apos;Eric Milkie&apos;}
&lt;p&gt;Message: Revert &quot;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-6591&quot; title=&quot;Localhost authentication exception doesn&amp;#39;t work right on sharded cluster&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-6591&quot;&gt;&lt;del&gt;SERVER-6591&lt;/del&gt;&lt;/a&gt; Fix localhost auth exception in sharded systems&quot;&lt;/p&gt;

&lt;p&gt;This reverts commit d6fb51e8b1b224c90a025723bab6e605385ae338.&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/675132c08da314433157016c3a0ee1187b55b65a&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/675132c08da314433157016c3a0ee1187b55b65a&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="194281" author="auto" created="Tue, 20 Nov 2012 00:29:20 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;date&apos;: u&apos;2012-11-17T01:44:21Z&apos;, u&apos;email&apos;: u&apos;spencer@10gen.com&apos;, u&apos;name&apos;: u&apos;Spencer T Brody&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-6591&quot; title=&quot;Localhost authentication exception doesn&amp;#39;t work right on sharded cluster&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-6591&quot;&gt;&lt;del&gt;SERVER-6591&lt;/del&gt;&lt;/a&gt; Fix localhost auth exception in sharded systems&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/d6fb51e8b1b224c90a025723bab6e605385ae338&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/d6fb51e8b1b224c90a025723bab6e605385ae338&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="188101" author="spencer" created="Tue, 13 Nov 2012 18:07:58 +0000"  >&lt;p&gt;Hi Ian,&lt;br/&gt;
I just updated the fix version on the ticket.  It will be fixed on the 2.2 series in 2.2.3, and will be fixed for the 2.4 release as well.&lt;/p&gt;</comment>
                            <comment id="188095" author="ipatton10000" created="Tue, 13 Nov 2012 18:02:24 +0000"  >&lt;p&gt;Now that we have clarified that this affects production clusters and not just test setups can we please prioritize a fix higher than &quot;2.3 desired&quot;? This is clearly a regression.&lt;/p&gt;</comment>
                            <comment id="187991" author="spencer" created="Tue, 13 Nov 2012 16:35:55 +0000"  >&lt;p&gt;Just the config servers and a mongos should be sufficient to add the first user to the admin database.&lt;/p&gt;</comment>
                            <comment id="187929" author="ipatton10000" created="Tue, 13 Nov 2012 15:46:02 +0000"  >&lt;p&gt;Eliot, your documentation now points to this ticket:&lt;br/&gt;
&lt;a href=&quot;http://docs.mongodb.org/manual/administration/security/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://docs.mongodb.org/manual/administration/security/&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;When setting up authentication for the first time you must either:&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;add at least one user to the admin database before starting the mongod instance with auth.&lt;/li&gt;
	&lt;li&gt;add the first user to the admin database when connected to the mongod instance from a localhost connection. &lt;span class=&quot;error&quot;&gt;&amp;#91;1&amp;#93;&lt;/span&gt;&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;New in version 2.0: Support for authentication with sharded clusters. Before 2.0 sharded clusters had to run with trusted applications and a trusted networking configuration.&lt;/p&gt;

&lt;p&gt;Consider the Control Access to MongoDB Instances with Authentication document which outlines procedures for configuring and maintaining users and access with MongoDB&#8217;s authentication system.&lt;/p&gt;

&lt;p&gt;&lt;span class=&quot;error&quot;&gt;&amp;#91;1&amp;#93;&lt;/span&gt;	Because of &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-6591&quot; title=&quot;Localhost authentication exception doesn&amp;#39;t work right on sharded cluster&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-6591&quot;&gt;&lt;del&gt;SERVER-6591&lt;/del&gt;&lt;/a&gt;, you cannot add the first user to a sharded cluster using the localhost connection in 2.2. If you are running a 2.2 sharded cluster, and want to enable authentication, you must deploy the cluster and add the first user to the admin database before restarting the cluster to run with keyFile.&lt;/p&gt;



&lt;p&gt;So what I experienced is exactly what is now documented. You cannot add a user to the admin database when starting a sharded cluster with --keyfile in MongoDB 2.2. &lt;/p&gt;

&lt;p&gt;What is the minimal set of mongo servers in my cluster that I need to start without the keyfile to get a user added? Just the 3 config servers and a MongoS? Or do any of the shards need to be up?&lt;/p&gt;</comment>
                            <comment id="187832" author="eliot" created="Tue, 13 Nov 2012 14:21:14 +0000"  >&lt;p&gt;Ian - this is really meant only for test clusters where &lt;em&gt;all&lt;/em&gt; nodes are on the same host.&lt;br/&gt;
What happened in your case?&lt;/p&gt;</comment>
                            <comment id="187789" author="ipatton10000" created="Tue, 13 Nov 2012 13:32:28 +0000"  >&lt;p&gt;I just got burned by this during a 2am redeployment. I had been planning to add authentication to our automated deployment process since mongo 2.0 but just got it done. Now I find out things do not work the way they were documented, and the fix is not even scheduled. This kind of thing is very very frustrating.&lt;/p&gt;

&lt;p&gt;I would prefer that things work the way they are intended before you add a single new feature. Please schedule this for a fix in 2.2.2 or 2.2.3 and not make us live with this for a year.&lt;/p&gt;</comment>
                            <comment id="160873" author="spencer" created="Wed, 5 Sep 2012 21:30:13 +0000"  >&lt;p&gt;@Zoiner, the easiest workaround for adding the first user to an authenticated cluster is to add the user with auth disabled on the whole cluster, then restart the cluster enabling auth.&lt;/p&gt;</comment>
                            <comment id="160748" author="zoinertejada" created="Wed, 5 Sep 2012 18:28:46 +0000"  >&lt;p&gt;So is there a workaround for enabling authentication at all on a distributed sharded cluster? See my reference architecture in Server-6936. If we want to automate setup, but are fine adding admins during setup is there a correct order in which we can enable security and use admin users instead of relying on the localhost authentication? For example, something like add the users to each member of the shard, then to the configs prior to starting routers? I&apos;m reaching here, I know, but trying to find a workaround that doesn&apos;t involve waiting for 2.3 &lt;img class=&quot;emoticon&quot; src=&quot;https://jira.mongodb.org/images/icons/emoticons/wink.png&quot; height=&quot;16&quot; width=&quot;16&quot; align=&quot;absmiddle&quot; alt=&quot;&quot; border=&quot;0&quot;/&gt;&lt;/p&gt;</comment>
                            <comment id="160672" author="spencer" created="Wed, 5 Sep 2012 16:30:22 +0000"  >&lt;p&gt;This also means that if you have a sharded cluster where the shards are not running on the same machine as the mongos, then even if you connect to the mongos over localhost, you will still have commands that run on the shards or config servers get denied.&lt;/p&gt;</comment>
                            <comment id="147634" author="spencer" created="Thu, 26 Jul 2012 15:54:34 +0000"  >&lt;p&gt;To fix this, you could have the mongos send the internalSecurityAuthenticationTable with all commands when the client connection is a localhost connection.&lt;/p&gt;

&lt;p&gt;You&apos;d also have to do something different for the other side of this: closing the localhost exception after adding the first admin user when the shards/config servers DO recognize the connections from mongos as local.  To do that you could make the localhost exception not apply to any connections authorized as __system.&lt;/p&gt;</comment>
                            <comment id="147627" author="spencer" created="Thu, 26 Jul 2012 15:50:05 +0000"  >&lt;p&gt;This also means that if you create a ShardingTest with useHostname:true, you cannot add the first admin user through the mongos, because the config servers won&apos;t allow the addUser to succeed because they will think the connection from the mongos is not local.&lt;/p&gt;</comment>
                            <comment id="147299" author="spencer" created="Wed, 25 Jul 2012 19:26:35 +0000"  >&lt;p&gt;Yes.  Setting useHostname to false makes it configure the whole set using &quot;localhost&quot; instead of the machine&apos;s hostname; this makes it recognize the connections between mongos and the mongods as local (with the problems described above that commands run on the shards can then succeed even after adding an admin user to the cluster).&lt;/p&gt;

&lt;p&gt;If useHostname is false, then some machines resolve the hostname to 127.0.0.1 and consider the connections to be local, whereas others resolve it to the machine&apos;s public IP, and don&apos;t.&lt;/p&gt;</comment>
                            <comment id="147184" author="renctan" created="Wed, 25 Jul 2012 16:23:27 +0000"  >&lt;p&gt;Have you tried using the useHostname option (for ShardingTest, ReplSetTest, MongoRunner.runMongod, etc)?&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                                                <inwardlinks description="is depended on by">
                                        <issuelink>
            <issuekey id="62069">DOCS-993</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10010">
                    <name>Duplicate</name>
                                                                <inwardlinks description="is duplicated by">
                                        <issuelink>
            <issuekey id="49353">SERVER-6936</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                                                <inwardlinks description="is related to">
                                                        </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>26.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Wed, 25 Jul 2012 16:23:27 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        10 years, 47 weeks, 4 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>ian@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            10 years, 47 weeks, 4 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_10032" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Operating System</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10026"><![CDATA[ALL]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>auto</customfieldvalue>
                            <customfieldvalue>eliot</customfieldvalue>
                            <customfieldvalue>ipatton10000</customfieldvalue>
                            <customfieldvalue>randolph@mongodb.com</customfieldvalue>
                            <customfieldvalue>spencer@mongodb.com</customfieldvalue>
                            <customfieldvalue>zoinertejada</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrnu1z:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hrg39b:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>7430</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hri9k7:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>