-
Type: Bug
-
Resolution: Duplicate
-
Priority: Major - P3
-
None
-
Affects Version/s: 5.0.8, 6.0.0
-
Component/s: Security
-
None
-
Server Security
-
ALL
-
-
(copied to CRM)
I'm able to easily reproduce the issue from SERVER-58591 on v6.0:
{"t":{"$date":"2022-09-06T17:15:51.971+10:00"},"s":"I", "c":"ACCESS", "id":5286202, "ctx":"conn24","msg":"Different user name was supplied to saslSupportedMechs","attr":{"error":{"code":17,"codeName":"ProtocolError","errmsg":"Attempt to switch database target during SASL authentication from __system@local to @$external"}}} {"t":{"$date":"2022-09-06T17:15:51.971+10:00"},"s":"I", "c":"ACCESS", "id":20429, "ctx":"conn24","msg":"Successfully authenticated","attr":{"client":"127.0.0.1:34638","mechanism":"MONGODB-X509","user":"CN=*.domain.net,OU=mongodb,O=MongoDB,L=Sydney,ST=NSW,C=AU","db":"$external"}}
I don't think there is anything wrong with the config as user connections are not required for the issue to manifest.
This looks to be a benign issue as I don't see any functional problems with how the cluster is operating. But the fact that it is raised as an error is concerning the users.
- duplicates
-
SERVER-70242 Intracluster X509 authentication can trigger "Different user name was supplied to saslSupportedMechs"
- Closed
- related to
-
SERVER-58591 Better instrumentation for TLS authentication problem during concurrent tenant migration
- Closed