<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 03:14:35 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-7455] Replace the keyfile used for replica sets with x.509 authentication </title>
                <link>https://jira.mongodb.org/browse/SERVER-7455</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;The current cluster authentication keyfile solution has some room for improvement, including:&lt;/p&gt;
&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;It is difficult/impossible to change the keyfile in a running system&lt;/li&gt;
	&lt;li&gt;All cluster members use the same keyfile&lt;/li&gt;
	&lt;li&gt;The password contained in the keyfile is in cleartext as described in the original ticket.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;As part of implementing x.509 authentication for clients, introduce the possibility to use x.509 for internal cluster authentication. The keyfile solution will be kept on (for now).&lt;/p&gt;

&lt;p&gt;Original ticket: &quot;The keyfile used for replica sets (defined by the keyFile entry in the configuration file) should not contain a simple clear text entry. This should be encrypted or stored by some other method as at present this means it would be possible for someone to access data by setting up a new replica set member using this key. It is also a general compliance issue for any password or key to be stored in a file in clear text.&quot;&lt;/p&gt;</description>
                <environment>RHEL 6</environment>
        <key id="54175">SERVER-7455</key>
            <summary>Replace the keyfile used for replica sets with x.509 authentication </summary>
                <type id="2" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14711&amp;avatarType=issuetype">New Feature</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="andreas.nilsson">Andreas Nilsson</assignee>
                                    <reporter username="simon.harvey@citi.com">Simon Harvey</reporter>
                        <labels>
                    </labels>
                <created>Wed, 24 Oct 2012 09:58:20 +0000</created>
                <updated>Tue, 27 Oct 2015 14:37:00 +0000</updated>
                            <resolved>Mon, 30 Sep 2013 18:25:50 +0000</resolved>
                                    <version>2.2.0</version>
                                    <fixVersion>2.5.3</fixVersion>
                                    <component>Replication</component>
                    <component>Security</component>
                                        <votes>1</votes>
                                    <watches>9</watches>
                                                                                                                <comments>
                            <comment id="439924" author="auto" created="Fri, 11 Oct 2013 21:13:27 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;username&apos;: u&apos;agralius&apos;, u&apos;name&apos;: u&apos;Andreas Nilsson&apos;, u&apos;email&apos;: u&apos;andreas.nilsson@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-7455&quot; title=&quot;Replace the keyfile used for replica sets with x.509 authentication &quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-7455&quot;&gt;&lt;del&gt;SERVER-7455&lt;/del&gt;&lt;/a&gt; Improvements to the use-x509 and use-ssl passthroughs&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/8cd3c95861417614dfac3a8cbf9f6c7621d40e93&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/8cd3c95861417614dfac3a8cbf9f6c7621d40e93&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="435265" author="auto" created="Thu, 3 Oct 2013 16:24:42 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;username&apos;: u&apos;agralius&apos;, u&apos;name&apos;: u&apos;Andreas Nilsson&apos;, u&apos;email&apos;: u&apos;andreas.nilsson@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-7455&quot; title=&quot;Replace the keyfile used for replica sets with x.509 authentication &quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-7455&quot;&gt;&lt;del&gt;SERVER-7455&lt;/del&gt;&lt;/a&gt; x.509 cluster auth tests&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/7db361fe2dac4a533f3f51bf51a2c35b99488cc1&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/7db361fe2dac4a533f3f51bf51a2c35b99488cc1&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="433287" author="auto" created="Mon, 30 Sep 2013 18:25:20 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;username&apos;: u&apos;agralius&apos;, u&apos;name&apos;: u&apos;Andreas Nilsson&apos;, u&apos;email&apos;: u&apos;andreas.nilsson@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-7455&quot; title=&quot;Replace the keyfile used for replica sets with x.509 authentication &quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-7455&quot;&gt;&lt;del&gt;SERVER-7455&lt;/del&gt;&lt;/a&gt; x.509 cluster auth tests and expanded use-ssl passthrough&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/625e971353db40be3a3c91aa1c1d708af9705693&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/625e971353db40be3a3c91aa1c1d708af9705693&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="378061" author="auto" created="Wed, 10 Jul 2013 15:11:09 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;username&apos;: u&apos;agralius&apos;, u&apos;name&apos;: u&apos;Andreas Nilsson&apos;, u&apos;email&apos;: u&apos;andreas.nilsson@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-7455&quot; title=&quot;Replace the keyfile used for replica sets with x.509 authentication &quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-7455&quot;&gt;&lt;del&gt;SERVER-7455&lt;/del&gt;&lt;/a&gt; keyfile replacement, command line parameters and upgrade&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/6685c058c7bf4444f14fcae61f56b7783b5edebe&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/6685c058c7bf4444f14fcae61f56b7783b5edebe&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="375963" author="auto" created="Mon, 8 Jul 2013 10:01:14 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;username&apos;: u&apos;agralius&apos;, u&apos;name&apos;: u&apos;Andreas Nilsson&apos;, u&apos;email&apos;: u&apos;andreas.nilsson@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-7455&quot; title=&quot;Replace the keyfile used for replica sets with x.509 authentication &quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-7455&quot;&gt;&lt;del&gt;SERVER-7455&lt;/del&gt;&lt;/a&gt; Using common internal cluster auth function&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/7c21379b070154a381e3df340a1f830a074969b8&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/7c21379b070154a381e3df340a1f830a074969b8&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="373648" author="auto" created="Wed, 3 Jul 2013 19:41:12 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;username&apos;: u&apos;andy10gen&apos;, u&apos;name&apos;: u&apos;Andy Schwerin&apos;, u&apos;email&apos;: u&apos;schwerin@10gen.com&apos;}
&lt;p&gt;Message: Reapply &quot;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-7455&quot; title=&quot;Replace the keyfile used for replica sets with x.509 authentication &quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-7455&quot;&gt;&lt;del&gt;SERVER-7455&lt;/del&gt;&lt;/a&gt; Common internal cluster auth function&quot;&lt;/p&gt;

&lt;p&gt;This reverts commit cd3101ca2f8e539a4ad425fa8e6da55a935dd2b1, but fixes a symbol&lt;br/&gt;
misplacement that broke linking.&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/95efa9a5dd492f8abc85e412aaec9163c7a93ad2&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/95efa9a5dd492f8abc85e412aaec9163c7a93ad2&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="373589" author="auto" created="Wed, 3 Jul 2013 18:31:54 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;username&apos;: u&apos;agralius&apos;, u&apos;name&apos;: u&apos;Andreas Nilsson&apos;, u&apos;email&apos;: u&apos;andreas.nilsson@10gen.com&apos;}
&lt;p&gt;Message: Revert &quot;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-7455&quot; title=&quot;Replace the keyfile used for replica sets with x.509 authentication &quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-7455&quot;&gt;&lt;del&gt;SERVER-7455&lt;/del&gt;&lt;/a&gt; Common internal cluster auth function&quot;&lt;/p&gt;

&lt;p&gt;Broke auth C++ unit tests&lt;/p&gt;

&lt;p&gt;This reverts commit 00fb45cd97d2314548dc07c2c8e1cc1737fd273f.&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/cd3101ca2f8e539a4ad425fa8e6da55a935dd2b1&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/cd3101ca2f8e539a4ad425fa8e6da55a935dd2b1&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="373547" author="auto" created="Wed, 3 Jul 2013 17:32:00 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;username&apos;: u&apos;agralius&apos;, u&apos;name&apos;: u&apos;Andreas Nilsson&apos;, u&apos;email&apos;: u&apos;andreas.nilsson@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-7455&quot; title=&quot;Replace the keyfile used for replica sets with x.509 authentication &quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-7455&quot;&gt;&lt;del&gt;SERVER-7455&lt;/del&gt;&lt;/a&gt; Common internal cluster auth function&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/00fb45cd97d2314548dc07c2c8e1cc1737fd273f&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/00fb45cd97d2314548dc07c2c8e1cc1737fd273f&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="359351" author="auto" created="Thu, 13 Jun 2013 10:50:56 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;username&apos;: u&apos;agralius&apos;, u&apos;name&apos;: u&apos;Andreas Nilsson&apos;, u&apos;email&apos;: u&apos;andreas.nilsson@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-7455&quot; title=&quot;Replace the keyfile used for replica sets with x.509 authentication &quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-7455&quot;&gt;&lt;del&gt;SERVER-7455&lt;/del&gt;&lt;/a&gt; &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-7961&quot; title=&quot;Use x.509 certificates for authentication&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-7961&quot;&gt;&lt;del&gt;SERVER-7961&lt;/del&gt;&lt;/a&gt; x.509 authentication and keyfile replacement&lt;/p&gt;

&lt;p&gt;Basic support for x.509 authentication of clients and for internal&lt;br/&gt;
x.509 authentication of cluster members.&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/e23ee681ca40f271ddbbd840f155a9b13102f148&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/e23ee681ca40f271ddbbd840f155a9b13102f148&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="219069" author="davidburke" created="Wed, 19 Dec 2012 08:43:18 +0000"  >&lt;p&gt;This is also a problem for us. It&apos;s more of an issue running mongos on Windows, where it&apos;s harder to secure the permissions for the keyFile. We encrypt our connectionStrings using this mechanism (&lt;a href=&quot;http://msdn.microsoft.com/en-us/library/system.configuration.rsaprotectedconfigurationprovider.aspx&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://msdn.microsoft.com/en-us/library/system.configuration.rsaprotectedconfigurationprovider.aspx&lt;/a&gt;) but it&apos;s not much use if the keyFile is there in plaintext.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                                                <inwardlinks description="is depended on by">
                                        <issuelink>
            <issuekey id="78027">DOCS-1576</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10020">
                    <name>Gantt Dependency</name>
                                                                <inwardlinks description="has to be done after">
                                        <issuelink>
            <issuekey id="59663">SERVER-7961</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>10.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Wed, 24 Oct 2012 14:00:01 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        10 years, 18 weeks, 5 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>ian@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            10 years, 18 weeks, 5 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10000" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Old_Backport</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10000"><![CDATA[No]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>andreas.nilsson</customfieldvalue>
            <customfieldvalue>auto</customfieldvalue>
            <customfieldvalue>davidburke</customfieldvalue>
            <customfieldvalue>simon.harvey@citi.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrnk4n:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hrk77r:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>31566</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10166" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Tests Written</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10154"><![CDATA[Complete]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrlcgn:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>