- Type: Improvement
- Resolution: Fixed
- Priority: Major - P3
- Affects Version/s: None
- Component/s: None
- None
- Fully Compatible
- Sharding 2018-12-31

We need to explicitly declare requiresAuth=false if we want commands that run without authentication to work with implicit sessions. We should review the below list of commands to make sure they do so.
Quoting SERVER-35753, the following commands should explicitly set requiresAuth to return false, so they may be run by unauthenticated clients:
- saslStart
- saslContinue
- authenticate
- getnonce
- connectionStatus
- buildInfo
- ping
- listCommands (but we'd rather it weren't, per SERVER-35482)
- resetError
- getLastError
- getPrevError
- shutdown (but still has an auth check)
- ismaster
- whatsmyuri (internal)
- _isSelf (internal)
And the test-only commands that don't require auth:
- configureFailPoint
- echo
- refreshLogicalSessionCacheNow
- waitForOngoingChunkSplits
We should investigate if any of these commands don't set requiresAuth to be false.
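
One way to carry out the check described above, as an added example that is not MongoDB's own code: a simplified stand-in for the command registry is audited against the expected pre-auth list. The `Command`, `PreAuthCommand`, `Registry`, `auditPreAuth` and `hypotheticalCmd` names are assumptions, and the example goes beyond the ticket by also flagging commands that opt out of auth without being on the list.

```cpp
#include <iostream>
#include <map>
#include <memory>
#include <set>
#include <string>
#include <vector>

// Hypothetical minimal interface (not MongoDB's classes): auth is required unless overridden.
struct Command {
    virtual ~Command() = default;
    virtual bool requiresAuth() const { return true; }
};
struct PreAuthCommand : Command {
    bool requiresAuth() const override { return false; }
};
using Registry = std::map<std::string, std::unique_ptr<Command>>;

struct AuditResult {
    std::vector<std::string> missingOptOut;    // on the pre-auth list, still requires auth
    std::vector<std::string> unexpectedOptOut; // opts out of auth, not on the list
};

// Compare the expected pre-auth list with what each registered command declares.
AuditResult auditPreAuth(const Registry& reg, const std::set<std::string>& expected) {
    AuditResult r;
    for (const auto& name : expected) {
        auto it = reg.find(name);
        // Unregistered names (e.g. test-only commands in a normal build) are skipped.
        if (it != reg.end() && it->second->requiresAuth()) r.missingOptOut.push_back(name);
    }
    for (const auto& kv : reg)
        if (!kv.second->requiresAuth() && !expected.count(kv.first))
            r.unexpectedOptOut.push_back(kv.first);
    return r;
}

// Constructed sample: buildInfo lacks the override, hypotheticalCmd opts out unexpectedly.
Registry sampleRegistry() {
    Registry reg;
    reg["ping"] = std::make_unique<PreAuthCommand>();
    reg["ismaster"] = std::make_unique<PreAuthCommand>();
    reg["buildInfo"] = std::make_unique<Command>();
    reg["hypotheticalCmd"] = std::make_unique<PreAuthCommand>();
    return reg;
}

int main() {
    AuditResult r = auditPreAuth(sampleRegistry(), {"ping", "ismaster", "buildInfo", "echo"});
    for (const auto& n : r.missingOptOut) std::cout << "needs requiresAuth=false: " << n << "\n";
    for (const auto& n : r.unexpectedOptOut) std::cout << "unexpected pre-auth: " << n << "\n";
}
```
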

is duplicated by:
- SERVER-34820 buildInfo fails when no users are authenticated (Closed)

related to:
- SERVER-35382 _isSelf command needs to be marked requiresAuth false (Closed)
- SERVER-35463 Mark listCommands as pre-auth (Closed)
- SERVER-34653 don't even parse requiresAuth commands unless client is authenticated (Closed)