  1. Core Server
  2. SERVER-10322

The mongo shell should require a username when using MONGODB-X509 for authentication.

    • Type: Bug
    • Resolution: Done
    • Priority: Minor - P4
    • 2.5.2
    • Affects Version/s: 2.5.1
    • Component/s: Security, Shell
    • ALL

      In the 2.5.1 shell a username is not required to do X509 auth:

      $ ./mongo --ssl --sslPEMKeyFile jstests/libs/client.pem 
      MongoDB shell version: 2.5.1
      connecting to: test
      > use $external
      switched to db $external
      > db.auth({mechanism: 'MONGODB-X509'})
      1
      

      A username should be required for a number of reasons:

      1. It's a sanity check that the user is using the correct x.509 cert.
      2. Not requiring the username is inconsistent with all other authentication methods, including GSSAPI which also doesn't technically require a username.
      3. Not requiring the username will be inconsistent with drivers that have no good way to decode the cert and derive the username.

            Assignee: Andreas Nilsson
            Reporter: Bernie Hackett
            Votes: 0
            Watchers: 4