• Type: Icon: Epic Epic
    • Resolution: Unresolved
    • Priority: Icon: Minor - P4 Minor - P4
    • None
    • Affects Version/s: None
    • Component/s: Kerberos
    • None
    • To Do
    • Kerberos V3

      This epic covers reorganizing the mongo_kerberos library to not duplicate driver code, which is a breaking change, and other changes that significantly change the structure of the mongo_kerberos library. It is expected that when this work is complete, mongo_kerberos 3.0 will be released.

      Required work:

      Clearly separate responsibility between the driver and mongo_kerberos - leave the authenticators in mongo_kerberos, move auth mechanism and conversation code to driver.
      Make MRI and JRuby authenticators the same (same class name, same API).

      Optional work:

      Add locking around cyrus-sasl calls.
      Consider rewriting the MRI extension using FFI.

      The potential rewrite of mongo_kerberos using FFI would make it possible to use cyrus-sasl from JRuby. This could be beneficial because the native Java Kerberos authenticator must be configured globally in a certain way, which could possibly interfere with other application requirements. The design for Kerberos V3 should account for the possibility of JRuby having two usable authenticators - the FFI one using cyrus-sasl and the native Java one.

            Assignee:
            Unassigned Unassigned
            Reporter:
            oleg.pudeyev@mongodb.com Oleg Pudeyev (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: