Uploaded image for project: 'Drivers'
  1. Drivers
  2. DRIVERS-1654

Investigate changes in PM-2192: Deprecate authentication as multiple simultaneous users

    XMLWordPrintableJSON

Details

    • Icon: Epic Epic
    • Resolution: Won't Do
    • Icon: Major - P3 Major - P3
    • None
    • None
    • None
    • Needed

    Description

      Downstream Change Summary

      This project will deprecate the concept of simultaneously authenticating as multiple users on a single connection, with the intent to remove that feature in the future. To aid with deprecation, work done in this project will prevent that feature from being used in APIVersion 1.

      Description of Linked Ticket

      Epic Summary

      Summary

      This project will deprecate the ability for clients to authenticate to MongoDB as multiple users, with the intent to remove it in the next LTS release of the product.

      Motivation

      Historically, administrators were expected to create distinct sets of users in different databases, and delegate management responsibilities to per-database user administrators. To support this functionality, it has been possible to authenticate as two separate users from two different databases simultaneously. Clients authenticated as two users would possess the union of privileges possessed by both users.
      Clients no longer take advantage of this behaviour. For each connection they establish, compliant drivers authenticate exactly once using credentials provided in their configuration, which precludes multi-user authentication. Drivers automatically create implicit Logical Sessions which are incompatible with multi-user authentication. Attempting to use both features at the same time will result in an error.
      Support for multi-user authentication complicates the server's authorization logic, and makes it harder for implementers of the server's wire protocol to understand the authorization model. We should deprecate this behaviour with the intent to remove it in an upcoming release.

      Cast of Characters

      • Product Owner:
      • Project Lead:
      • Program Manager:
      • Drivers Contact:

      Documentation

      Scope Document
      Technical Design Document

      Attachments

        Activity

          People

            Unassigned Unassigned
            backlog-server-pm Backlog - Core Eng Program Management Team
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: