-
Type: New Feature
-
Resolution: Fixed
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: auth
-
None
-
Fully Compatible
tl;dr:
- Monitoring-only sockets must not send SCRAM mechanism negotiation in isMaster and must not authenticate at all.
- Non-monitoring sockets (e.g. connection pool or single-threaded client) do a "normal" handshake and authenticate if there are credentials.
- An authentication error on a socket must close all (and only) non-monitoring sockets to the same server.
Possible backward breaking change:
- Some drivers were resetting a server's topology description to Unknown on an authentication error and should stop doing so. This means the topology will always be "correct" even when authentication fails.
- It will no longer be possible for authentication errors to be masked as server selection errors.
Detailed changes:
- is depended on by
-
CXX-1541 Handshake changes for SDAM and Auth
- Closed
-
PHPC-1153 Handshake changes for SDAM and Auth
- Closed
-
DRIVERS-466 Handshake changes for SDAM and Auth
- Closed
- related to
-
CDRIVER-4812 Single-threaded monitoring commands may include saslSupportedMechs beyond initial handshake
- In Progress