Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-12270

Make Kerberos auth error messages more verbose

XMLWordPrintableJSON

    • Type: Icon: Improvement Improvement
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 2.7.6
    • Affects Version/s: None
    • Component/s: Logging, Security
    • Fully Compatible

      The Kerberos/SASL auth error document that is returned by the authentication command to the client should be made more verbose.

      One example is:

      // saslServerConnAuthorize in sasl_authentication_session.cpp
sasl_seterror(conn, 0, "saslServerConnAuthorize: ", "Requested identity not authenticated identity");

      that could include the names of the two mismatching identities.

            Assignee:
            andreas.nilsson Andreas Nilsson
            Reporter:
            andreas.nilsson Andreas Nilsson
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: