[DOCS-9897] Document authMechanismProperties URI option and deprecate gssapiServiceName Created: 15/Feb/17 Updated: 30/Oct/23 Due: 09/Feb/18 Resolved: 05/Dec/18 |
|
| Status: | Closed |
| Project: | Documentation |
| Component/s: | manual |
| Affects Version/s: | None |
| Fix Version/s: | Server_Docs_20231030 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Jeremy Mikola | Assignee: | Ravind Kumar (Inactive) |
| Resolution: | Done | Votes: | 4 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||
| Participants: | |||||||||||||
| Days since reply: | 5 years, 10 weeks ago | ||||||||||||
| Story Points: | 0.1 | ||||||||||||
| Description |
|
The authentication spec defines a authMechanismProperties option and lists gssapiServiceName as a deprecated alias for "authMechanismProperties=SERVICE_NAME:mongodb". At present, authMechanismProperties are only supported for the GSSAPI authMechanism. There are three documented authMechanismProperties; however, not all properties are supported by all drivers. "SERVICE_NAME" should exist in any driver, as it is a "MUST" according to the specification. The addition of both options is discussed in the spec's version history, although that history has been in place since the spec was first publicized in f53b992. I don't have exact dates for these changes, but authMechanismProperties dates back to 2014 in
ScopeUpdate authentication options table to include authMechanismProperties and it's supported properties:
Note that authMechanismProperites apply only when authMechanism is GSSAPI. Update gssapiServiceName to note that it's an alias for authMechanismProperties=SERVICE_NAME:mongodb |
| Comments |
| Comment by Ravind Kumar (Inactive) [ 05/Dec/18 ] |
|
published to https://docs.mongodb.com/master/reference/connection-string/#urioption.authMechanismProperties, older versions to follow |
| Comment by Githook User [ 05/Dec/18 ] |
|
Author: {'name': 'rkumar-mongo', 'email': 'ravind.kumar@mongodb.com'}Message: |
| Comment by Githook User [ 05/Dec/18 ] |
|
Author: {'name': 'rkumar-mongo', 'email': 'ravind.kumar@mongodb.com'}Message: |
| Comment by Githook User [ 05/Dec/18 ] |
|
Author: {'name': 'rkumar-mongo', 'email': 'ravind.kumar@mongodb.com'}Message: |
| Comment by Githook User [ 05/Dec/18 ] |
|
Author: {'name': 'rkumar-mongo', 'email': 'ravind.kumar@mongodb.com'}Message: |
| Comment by Githook User [ 05/Dec/18 ] |
|
Author: {'name': 'rkumar-mongo', 'email': 'ravind.kumar@mongodb.com'}Message: Typo from |
| Comment by Ravind Kumar (Inactive) [ 05/Dec/18 ] |
|
Changes are merged into master (4.2), 4.0, 3.6, and 3.4. They should be visible after our next publishing (EOD). |
| Comment by Githook User [ 05/Dec/18 ] |
|
Author: {'name': 'rkumar-mongo', 'email': 'ravind.kumar@mongodb.com'}Message: |
| Comment by Githook User [ 05/Dec/18 ] |
|
Author: {'name': 'rkumar-mongo', 'email': 'ravind.kumar@mongodb.com'}Message: |
| Comment by Githook User [ 05/Dec/18 ] |
|
Author: {'name': 'rkumar-mongo', 'email': 'ravind.kumar@mongodb.com'}Message: |
| Comment by Githook User [ 05/Dec/18 ] |
|
Author: {'name': 'rkumar-mongo', 'email': 'ravind.kumar@mongodb.com'}Message: |
| Comment by Shane Harvey [ 19/Sep/18 ] |
|
Thanks, Luke. In that case, perhaps we should wait until |
| Comment by Luke Prochazka [ 14/Aug/18 ] |
|
I would like to see gssapiHostName represented in the authMechanismProperties as a supported option. Noting this is distinct from the CANONICALIZE_HOST_NAME and SERVICE_REALM options mentioned in the auth spec. |
| Comment by Shane Harvey [ 06/Feb/18 ] |
|
Yes, that sounds correct to me. |
| Comment by Ravind Kumar (Inactive) [ 06/Feb/18 ] |
|
shane.harvey am I right in thinking that we just need to remove (or mark as deprecated) the gssapiServiceName param and add authMechanismProperties, specifying the three possible values there. We can note that only SERVICE_NAME is supported by all drivers, and that the rest require users to check the driver docs for support. |
| Comment by Shane Harvey [ 06/Feb/18 ] |
|
Can this ticket be scheduled? It's a relatively simple change to the connection string docs. |
| Comment by Jeremy Mikola [ 15/Feb/17 ] |
|
Note that in libmongoc, authMechanismProperties takes precedence over both "gssapiServiceName" and The spec doesn't explicitly state that authMechanismProperties takes precedence, but I believe that may be implied by its deprecation of the "gssapiServiceName" option. If the manual will continue to document the "gssapiServiceName" option, I expect we'll want to clarify the precendence as well (and confirm that most drivers and the shell follow this convention). |