[COMPASS-851] Investigate Kerberos Authentication if the username contains @ Created: 06/Mar/17  Updated: 05/Nov/18  Resolved: 05/Nov/18

Status: Closed
Project: Compass
Component/s: Connectivity
Affects Version/s: 1.8.0-dev, 1.15.4
Fix Version/s: 1.16.0

Type: Bug Priority: Major - P3
Reporter: Peter Schmidt Assignee: Durran Jordan
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File A double-urlencoded Kerberos principal does appear to be decoded correctly in the node driver.png    
Issue Links:
Depends
Related
related to COMPASS-931 Spike: Research if/how Compass can be... Closed
Story Points: 2
Sprint: Iteration Guacamole, Iteration Qbert

 Description   

From COMPASS-745, it looks like Kerberos and X.509 are also likely to double-encode their auth-component in the same way LDAP does.

This ticket should:

1. Confirm if this is true, e.g. with https://docs.mongodb.com/v3.2/tutorial/control-access-to-mongodb-with-kerberos-authentication/

2. If so, add a regression test in connection-model.
3. Remove all redundant encodeURIComponent calls, including in comments to make it clearer that url.format already handles this even better than we could (git blame reveals it has been optimised for more performance).



 Comments   
Comment by Peter Schmidt [ 04/May/17 ]

%2540 being the URL-encoding of %40 which itself is the URL-encoding of @ (to make the term "double-encoding" more explicit) is probably wrong considering the following source:

https://wiki.mongodb.com/display/CAP/Set+up+MongoDB+with+Kerberos+and+an+alternate+GSSAPI+service+name

Comment by Peter Schmidt [ 03/May/17 ]

May be able to use MongoSecurityPlaypen from HELP-4201.

Comment by Peter Schmidt [ 24/Apr/17 ]

Node driver example:

http://mongodb.github.io/node-mongodb-native/2.0/tutorials/enterprise_features/#connecting-using-kerberos:6e3614dc6c70ae01cdc1669aeb0efb13

Comment by Peter Schmidt [ 10/Mar/17 ]

While in the area, would also be good to test:
https://github.com/mongodb-js/connection-model/pull/168

Generated at Wed Feb 07 22:26:13 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.