[DRIVERS-2345] Drivers on Windows should not require username for Kerberos authentication Created: 15/Nov/21 Updated: 21/Dec/22 |
|
| Status: | Backlog |
| Project: | Drivers |
| Component/s: | Authentication |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Spencer Brown | Assignee: | Unassigned |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Driver Changes: | Needed | ||||||||
| Case: | (copied to CRM) | ||||||||
| Description |
|
In Windows, customers would prefer that our drivers allow Kerberos authentication without specifying a username. The driver can fetch the logged-in user identity via the Windows GetUserNameExA function. According to the customer, this is how other competitive database drivers work. Obviously,. this would be a drivers spec change followed by implementations for the various drivers. This customer happens to be using the C++ driver. |
| Comments |
| Comment by James Kovacs [ 10/Jun/22 ] |
|
The use case is that if a username isn't supplied then the currently logged-in user is authenticated. This enables SSO on Windows where you can access any network resource with your current credentials, but can specify alternate credentials if desired. The .NET/C# driver already implements this feature. I think Go might as well, but I'd have to verify. |
| Comment by Bernie Hackett [ 31/May/22 ] |
|
I'm curious about the use case for this. Is the user writing a desktop application in C++, where the user of the application that needs to access MongoDB is the Windows logon user? It seems unlikely to me that a server side application would want to use the Windows logon credentials to authenticate to MongoDB. |