Uploaded image for project: 'C# Driver'
  1. C# Driver
  2. CSHARP-2366

GSSAPI Authentication starts SASL conversation wrong

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 2.7.1
    • Affects Version/s: None
    • Component/s: Security
    • Labels:
      None

      GSSAPI Authentication is beginning the SASL conversation with an empty payload.

      In 3.6 and before, MongoDB would return 

      { "conversationId" : 1, "done" : false, "payload" : new BinData(0, ""), "ok" : 1.0 }

      for an empty saslStart payload.

      In 4.0, MongoDB passes the empty client payload per SASL spec to Kerberos which starts negotiation.

      The C# driver should not pass an empty payload unless it wants to start SPNEGO.

      If the C# driver does start calling saslStart with a non-empty payload, this is compatible with all versions of MongoDB.

            Assignee:
            mark.benvenuto@mongodb.com Mark Benvenuto
            Reporter:
            mark.benvenuto@mongodb.com Mark Benvenuto
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: