[SERVER-36406] db._authOrThrow should prioritize user specified authenticationMechanism instead of server's mechanisms - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: 4.0.0
Fix Version/s: 4.0.2, 4.1.3
Component/s: None
Labels:
None

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Requested:

v4.0
Sprint:
Platforms 2018-08-27

Description

In ~~SERVER-32977~~, we prioritized the server's SASL mechanism priority over the client's choice. If the server supports Kerberos via GSSAPI, and PLAIN via LDAP authentication, the shell will try to connect using GSSAPI instead of PLAIN.

This occurs because in DB.prototype._authOrThrow, we never pass mechanism, take the following if, and this ignores the user's mechanism choice which sits in this._defaultAuthenticationMechanism.

        if (params.mechanism === undefined) {

            params.mechanism = this._getDefaultAuthenticationMechanism(params.user, this.getName());

Attachments

Activity

People

Assignee:: Sara Golemon

Reporter:: Mark Benvenuto

Participants:: Githook User, Mark Benvenuto, Sara Golemon

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: Aug 01 2018 10:53:08 PM UTC

Updated:: Aug 24 2018 03:19:13 PM UTC

Resolved:: Aug 22 2018 06:19:25 PM UTC