Uploaded image for project: 'C# Driver'
  1. C# Driver
  2. CSHARP-2366

GSSAPI Authentication starts SASL conversation wrong

    XMLWordPrintableJSON

Details

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major - P3 Major - P3
    • 2.7.1
    • None
    • Security
    • None

    Description

      GSSAPI Authentication is beginning the SASL conversation with an empty payload.

      In 3.6 and before, MongoDB would return

      { "conversationId" : 1, "done" : false, "payload" : new BinData(0, ""), "ok" : 1.0 }
      

      for an empty saslStart payload.

      In 4.0, MongoDB passes the empty client payload per SASL spec to Kerberos which starts negotiation.

      The C# driver should not pass an empty payload unless it wants to start SPNEGO.

      If the C# driver does start calling saslStart with a non-empty payload, this is compatible with all versions of MongoDB.

      Attachments

        Activity

          People

            mark.benvenuto@mongodb.com Mark Benvenuto
            mark.benvenuto@mongodb.com Mark Benvenuto
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: