In the 2.5.1 shell a username is not required to do X509 auth:
$ ./mongo --ssl --sslPEMKeyFile jstests/libs/client.pem MongoDB shell version: 2.5.1 connecting to: test > use $external switched to db $external > db.auth({mechanism: 'MONGODB-X509'}) 1
A username should be required for a number of reasons:
- It's a sanity check that the user is using the correct x.509 cert.
- Not requiring the username is inconsistent with all other authentication methods, including GSSAPI which also doesn't technically require a username.
- Not requiring the username will be inconsistent with drivers that have no good way to decode the cert and derive the username.
- is depended on by
-
JAVA-871 Support the MONGODB-X509 authentication mechanism
- Closed
- related to
-
SERVER-25082 It should not be required to specify user/subject when authenticating with x509
- Closed