Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Done
Priority: Minor - P4
Fix Version/s: 2.5.2
Affects Version/s: 2.5.1
Component/s: Security, Shell
Labels:
- 26qa

Operating System:
ALL

In the 2.5.1 shell a username is not required to do X509 auth:

$ ./mongo --ssl --sslPEMKeyFile jstests/libs/client.pem 
MongoDB shell version: 2.5.1
connecting to: test
> use $external
switched to db $external
> db.auth({mechanism: 'MONGODB-X509'})
1

A username should be required for a number of reasons:

It's a sanity check that the user is using the correct x.509 cert.
Not requiring the username is inconsistent with all other authentication methods, including GSSAPI which also doesn't technically require a username.
Not requiring the username will be inconsistent with drivers that have no good way to decode the cert and derive the username.

is depended on by

JAVA-871 Support the MONGODB-X509 authentication mechanism

Closed

related to

SERVER-25082 It should not be required to specify user/subject when authenticating with x509

Closed

Assignee:: Andreas Nilsson

Reporter:: Bernie Hackett

Participants:: Andreas Nilsson, auto, Bernie Hackett

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: Jul 24 2013 06:19:27 PM UTC

Updated:: Sep 26 2016 10:12:00 PM UTC

Resolved:: Jul 30 2013 01:53:42 PM UTC