[DOCS-9833] Confirm that MongoDB ignores authSource for X509 auth with no username Created: 27/Jan/17  Updated: 30/Oct/23

Status: Closed
Project: Documentation
Component/s: manual
Affects Version/s: None
Fix Version/s: Server_Docs_20231030

Type: Bug Priority: Major - P3
Reporter: Jeremy Mikola Assignee: Unassigned
Resolution: Won't Do Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to DRIVERS-333 Drivers MUST NOT require a username f... Closed
Participants:
Days since reply: 1 year, 14 weeks, 2 days ago
Epic Link: DOCSP-1769

 Description   

authSource states:

MongoDB will ignore authSource values if the connection string specifies no username.

Per SPEC-659, usernames are not required for MONGODB-X509. It's not clear to me if X509 expects an authSource of "$external". If so, the above statement should be revised.

According to the C driver, authSource is expected to be $external for GSSAPI and X509.



 Comments   
Comment by Jeremy Mikola [ 01/Nov/22 ]

Just checked https://docs.mongodb.com/master/reference/connection-string/#urioption.authSource and noted the following:

The PLAIN (LDAP), GSSAPI (Kerberos), and MONGODB-AWS (IAM) authentication mechanisms require that authSource be set to $external, as these mechanisms delegate credential storage to external services.

MongoDB will ignore authSource values if no username is provided, either in the connection string or via the --username parameter.

Drivers may default authSource to "$external" for X509, but that is indeed a valid option. It still seems inaccurate to say the option is ignored entirely.

See also: https://github.com/mongodb/specifications/blob/master/source/auth/auth.rst#mongodb-x509

Comment by Education Bot [ 31/Oct/22 ]

Hello! This ticket has been closed due to inactivity. If you believe this ticket is still important, please reopen it and leave a comment to explain why. Thank you!

Generated at Thu Feb 08 07:59:15 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.