Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-36406

db._authOrThrow should prioritize user specified authenticationMechanism instead of server's mechanisms

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 4.0.2, 4.1.3
    • Affects Version/s: 4.0.0
    • Component/s: None
    • Labels:
      None
    • Fully Compatible
    • ALL
    • v4.0
    • Platforms 2018-08-27

      In SERVER-32977, we prioritized the server's SASL mechanism priority over the client's choice. If the server supports Kerberos via GSSAPI, and PLAIN via LDAP authentication, the shell will try to connect using GSSAPI instead of PLAIN.

      This occurs because in DB.prototype._authOrThrow, we never pass mechanism, take the following if, and this ignores the user's mechanism choice which sits in this._defaultAuthenticationMechanism.

              if (params.mechanism === undefined) {
                  params.mechanism = this._getDefaultAuthenticationMechanism(params.user, this.getName());
              }
      

            Assignee:
            sara.golemon@mongodb.com Sara Golemon
            Reporter:
            mark.benvenuto@mongodb.com Mark Benvenuto
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: