-
Type: Task
-
Resolution: Done
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: manual
-
Labels:None
-
0.1
The authentication spec defines a authMechanismProperties option and lists gssapiServiceName as a deprecated alias for "authMechanismProperties=SERVICE_NAME:mongodb". At present, authMechanismProperties are only supported for the GSSAPI authMechanism. There are three documented authMechanismProperties; however, not all properties are supported by all drivers. "SERVICE_NAME" should exist in any driver, as it is a "MUST" according to the specification.
The addition of both options is discussed in the spec's version history, although that history has been in place since the spec was first publicized in f53b992. I don't have exact dates for these changes, but authMechanismProperties dates back to 2014 in JAVA-1466. If authMechanismProperties was introduced in conjunction with SCRAM-SHA-1, it's possible that this dates back to MongoDB 3.0.
Scope
Update authentication options table to include authMechanismProperties and it's supported properties:
SERVICE_NAME Drivers MUST allow the user to specify a different service name. The default is "mongodb". CANONICALIZE_HOST_NAME Drivers MAY allow the user to request canonicalization of the hostname. This might be required when the hosts report different hostnames than what is used in the kerberos database. The default is "false". SERVICE_REALM Drivers MAY allow the user to specify a different realm for the service. This might be necessary to support cross-realm authentication where the user exists in one realm and the service in another.
Note that authMechanismProperites apply only when authMechanism is GSSAPI.
Update gssapiServiceName to note that it's an alias for authMechanismProperties=SERVICE_NAME:mongodb