- Type: Task
- Resolution: Fixed
- Priority: Major - P3
- Affects Version/s: None
- Component/s: None
- None
- Fully Compatible
- Security 2023-03-20, Security 2023-04-03, Security 2023-04-17

Today, servers determine whether a connecting client is a peer server node either via keyfile authentication or X.509. If X.509 authentication is enabled on the server and the connecting client's certificate has a subject name DN sharing the same O, OU, and DC attributes as the server's certificate, then the connecting client is considered a peer server node.
In an effort to make this more customizable, we will add a configuration file option that will take priority over this default policy. The option will specify a set of subject name DN attributes and values that the server will check for in the connecting client's certificate. If they match, then the client will be treated as a peer server node.
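
The default policy and the proposed override, as an added Python sketch that is not MongoDB's code. `is_peer` and its `override` parameter are hypothetical names, the override is assumed to be a containment check on the client subject, DN parsing is simplified, and every DN is constructed.

```python
# Added illustration, not MongoDB source. DN parsing is simplified
# (no escaped commas, no multi-valued RDNs). All DNs below are constructed.
from collections import Counter

DEFAULT_ATTRS = ("O", "OU", "DC")

SERVER_DN = "CN=node1.db.example.net,OU=Database,O=Example Corp"
PEER_DN = "CN=node2.db.example.net,OU=Database,O=Example Corp"
APP_DN = "CN=billing-app,OU=Database,O=Example Corp"  # client sharing O and OU
OTHER_DN = "CN=reporting,OU=Apps,O=Example Corp"
OVERRIDE = "OU=Cluster Members,O=Example Corp"  # hypothetical option value
NEW_PEER_DN = "CN=node3.db.example.net,OU=Cluster Members,O=Example Corp"


def parse_dn(dn):
    """Split 'CN=a,OU=b,O=c' into a list of (TYPE, value) pairs."""
    pairs = []
    for rdn in dn.split(","):
        attr, _, value = rdn.strip().partition("=")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs


def membership_attrs(dn, attr_types=DEFAULT_ATTRS):
    """Multiset of the attributes compared under the default policy."""
    return Counter(p for p in parse_dn(dn) if p[0] in attr_types)


def is_peer(client_dn, server_dn, override=None):
    """True if the client certificate subject is treated as a peer node.

    override: hypothetical stand-in for the proposed configuration option,
    written as a DN fragment; when set it takes priority over the default.
    """
    if override is not None:
        client = Counter(parse_dn(client_dn))
        required = Counter(parse_dn(override))
        # Assumption: every listed attribute/value must appear in the client DN.
        return all(client[k] >= n for k, n in required.items())
    server = membership_attrs(server_dn)
    # Assumption: a subject carrying none of O, OU, DC never matches.
    return bool(server) and membership_attrs(client_dn) == server
```

Under the default, `APP_DN` is classified as a peer because it shares the server's O and OU, which is the situation the linked SERVER-14655 title refers to; with the override set, only subjects carrying the configured values qualify.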
- is duplicated by: SERVER-14655 x.509 certificate authentication requires O,OU to differ between client and server (Closed)