Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-10306

Refuse to authenticate / return an authentication-time error for Kerberos users with no roles in the cluster.

XMLWordPrintableJSON

    • Type: Icon: Improvement Improvement
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: Security
    • None

      Currently, if a user is defined externally (say as a Kerberos principal), and the mongo cluster has no knowledge of the user, it is possible to log in as that user, but all actions will be auth denied. It might be preferable for the authentication to fail with Unauthorized or AuthenticationFailed, instead.

            Assignee:
            backlog-server-platform DO NOT USE - Backlog - Platform Team
            Reporter:
            schwerin@mongodb.com Andy Schwerin
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: