Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-36406

db._authOrThrow should prioritize user specified authenticationMechanism instead of server's mechanisms

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 4.0.0
    • Fix Version/s: 4.0.2, 4.1.3
    • Component/s: None
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL
    • Backport Requested:
      v4.0
    • Sprint:
      Platforms 2018-08-27

      Description

      In SERVER-32977, we prioritized the server's SASL mechanism priority over the client's choice. If the server supports Kerberos via GSSAPI, and PLAIN via LDAP authentication, the shell will try to connect using GSSAPI instead of PLAIN.

      This occurs because in DB.prototype._authOrThrow, we never pass mechanism, take the following if, and this ignores the user's mechanism choice which sits in this._defaultAuthenticationMechanism.

              if (params.mechanism === undefined) {
                  params.mechanism = this._getDefaultAuthenticationMechanism(params.user, this.getName());
              }
      

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: