[DRIVERS-2345] Drivers on Windows should not require username for Kerberos authentication Created: 15/Nov/21  Updated: 21/Dec/22

Status: Backlog
Project: Drivers
Component/s: Authentication
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Spencer Brown Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to MONGOSH-1101 Mongosh behaves differently from lega... Closed
Driver Changes: Needed
Case:

 Description   

In Windows, customers would prefer that our drivers allow Kerberos authentication without specifying a username. The driver can fetch the logged-in user identity via the Windows GetUserNameExA function. According to the customer, this is how other competitive database drivers work.

Obviously,. this would be a drivers spec change followed by implementations for the various drivers. This customer happens to be using the C++ driver.



 Comments   
Comment by James Kovacs [ 10/Jun/22 ]

The use case is that if a username isn't supplied then the currently logged-in user is authenticated. This enables SSO on Windows where you can access any network resource with your current credentials, but can specify alternate credentials if desired. The .NET/C# driver already implements this feature. I think Go might as well, but I'd have to verify.

Comment by Bernie Hackett [ 31/May/22 ]

I'm curious about the use case for this. Is the user writing a desktop application in C++, where the user of the application that needs to access MongoDB is the Windows logon user? It seems unlikely to me that a server side application would want to use the Windows logon credentials to authenticate to MongoDB.

Generated at Thu Feb 08 08:25:20 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.