Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-61426

Legacy mongo shell sends authenticate command with database "admin" for X.509

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Minor - P4 Minor - P4
    • 5.3.0
    • Affects Version/s: None
    • Component/s: None
    • None
    • Fully Compatible
    • ALL
    • v5.0, v4.4
    • Security 2022-01-10, Security 2022-01-24, Security 2022-02-07, Security 2022-02-21

      Based on some server-side logging, I see that using the legacy mongo shell v5.0.2 to connect with X.509 auth sends an "authenticate" command with the $db value set to "admin". This is how I'm connecting:

      > mongo --tlsAllowInvalidHostnames --tls --tlsCAFile ./testdata/certs/ca.pem --tlsCertificateKeyFile ./testdata/certs/client_combined.pem  --authenticationMechanism MONGODB-X509

      Using this against a locally running mongod succeeds, but interestingly, if I try to manually run such a command once authenticated, it fails as expected:

      > {"authenticate": {"$numberInt":"1"},"mechanism": "MONGODB-X509","user": "CN=x509TestClient","$db": "admin"}

            Assignee:
            sara.golemon@mongodb.com Sara Golemon
            Reporter:
            divjot.arora@mongodb.com Divjot Arora (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: