Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-36406

db._authOrThrow should prioritize user specified authenticationMechanism instead of server's mechanisms

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • 4.0.0
    • 4.0.2, 4.1.3
    • None
    • None
    • Fully Compatible
    • ALL
    • v4.0
    • Platforms 2018-08-27

    Description

      In SERVER-32977, we prioritized the server's SASL mechanism priority over the client's choice. If the server supports Kerberos via GSSAPI, and PLAIN via LDAP authentication, the shell will try to connect using GSSAPI instead of PLAIN.

      This occurs because in DB.prototype._authOrThrow, we never pass mechanism, take the following if, and this ignores the user's mechanism choice which sits in this._defaultAuthenticationMechanism.

              if (params.mechanism === undefined) {
                  params.mechanism = this._getDefaultAuthenticationMechanism(params.user, this.getName());
              }
      

      Attachments

        Activity

          People

            sara.golemon@mongodb.com Sara Golemon
            mark.benvenuto@mongodb.com Mark Benvenuto
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: