This epic covers reorganizing the mongo_kerberos library to not duplicate driver code, which is a breaking change, and other changes that significantly change the structure of the mongo_kerberos library. It is expected that when this work is complete, mongo_kerberos 3.0 will be released.

Required work:

Clearly separate responsibility between the driver and mongo_kerberos - leave the authenticators in mongo_kerberos, move auth mechanism and conversation code to driver.
Make MRI and JRuby authenticators the same (same class name, same API).

Optional work:

Add locking around cyrus-sasl calls.
Consider rewriting the MRI extension using FFI.

The potential rewrite of mongo_kerberos using FFI would make it possible to use cyrus-sasl from JRuby. This could be beneficial because the native Java Kerberos authenticator must be configured globally in a certain way, which could possibly interfere with other application requirements. The design for Kerberos V3 should account for the possibility of JRuby having two usable authenticators - the FFI one using cyrus-sasl and the native Java one.