[CSHARP-2366] GSSAPI Authentication starts SASL conversation wrong Created: 27/Aug/18 Updated: 28/Oct/23 Resolved: 17/Sep/18 |
|
| Status: | Closed |
| Project: | C# Driver |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | 2.7.1 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Mark Benvenuto | Assignee: | Mark Benvenuto |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||
| Case: | (copied to CRM) | ||||||||||||
| Description |
|
GSSAPI Authentication is beginning the SASL conversation with an empty payload. In 3.6 and before, MongoDB would return
for an empty saslStart payload. In 4.0, MongoDB passes the empty client payload per SASL spec to Kerberos which starts negotiation. The C# driver should not pass an empty payload unless it wants to start SPNEGO. If the C# driver does start calling saslStart with a non-empty payload, this is compatible with all versions of MongoDB. |
| Comments |
| Comment by Githook User [ 06/Nov/18 ] |
|
Author: {'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}Message: |
| Comment by Githook User [ 17/Sep/18 ] |
|
Author: {'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}Message: |
| Comment by Vincent Kam (Inactive) [ 12/Sep/18 ] |