-
Type: Epic
-
Resolution: Unresolved
-
Priority: Minor - P4
-
None
-
Affects Version/s: None
-
Component/s: Kerberos
-
None
-
To Do
-
Kerberos V3
This epic covers reorganizing the mongo_kerberos library to not duplicate driver code, which is a breaking change, and other changes that significantly change the structure of the mongo_kerberos library. It is expected that when this work is complete, mongo_kerberos 3.0 will be released.
Required work:
Clearly separate responsibility between the driver and mongo_kerberos - leave the authenticators in mongo_kerberos, move auth mechanism and conversation code to driver.
Make MRI and JRuby authenticators the same (same class name, same API).
Optional work:
Add locking around cyrus-sasl calls.
Consider rewriting the MRI extension using FFI.
The potential rewrite of mongo_kerberos using FFI would make it possible to use cyrus-sasl from JRuby. This could be beneficial because the native Java Kerberos authenticator must be configured globally in a certain way, which could possibly interfere with other application requirements. The design for Kerberos V3 should account for the possibility of JRuby having two usable authenticators - the FFI one using cyrus-sasl and the native Java one.
- related to
-
RUBY-1308 Fix GSSAPI support
- Released