-
Type:
Improvement
-
Resolution: Unresolved
-
Priority:
Major - P3
-
None
-
Affects Version/s: 2.0.3, 2.1.0
-
Component/s: Admin, Replication, Security
-
Environment:Tested on Ubuntu 11.10 64-bit with 2.0.3 and today's 2.1.1-pre- but probably the same on all platforms.
-
Server Security
-
Minor Change
-
(copied to CRM)
Create a replica set with one primary, one secondary and one arbiter, each started with --auth and --keyFile. Create a user in the admin database on the primary and log in with db.auth(). Admin-only commands like logRotate work on the primary. Set db to the local database on the secondary but do not log in with db.auth(). Admin-only commands fail as they should. Now set db to the local database on the arbiter. Admin-only commands work without log-in.
This is convenient, since you CAN'T log in to the arbiter ... it has no admin database to hold the system.users collection.
This is both inconsistent and a security problem. Once connected to the arbiter, the commands "use admin" and "db.shutdownServer()" will shut down the arbiter, for example.
We should add a mechanism to make the admin.system.users collection from the primary available to the arbiter and enforced by the arbiter so that if authentication is running on the replica set then the arbiter follows the same rules as the primary and secondaries.
- is depended on by
-
DRIVERS-90 drivers must authenticate before calling isMaster()
-
- Closed
-
-
PYTHON-523 Authenticate before calling ismaster
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
- is duplicated by
-
SERVER-23443 Executing logRotate on Aribiters
-
- Closed
-
-
-
- Closed
-
- related to
-
-
- Backlog
-
-
-
- Closed
-
-
SERVER-57277 Arbiter nodes, (set to authenticate session against them), continue to expect authentication even after a resync.
-
- Closed
-