[DRIVERS-333] Drivers MUST NOT require a username for MONGODB-X509 when connected to MongoDB >= 3.4 Created: 02/Nov/16  Updated: 15/Apr/19  Resolved: 24/Mar/17

Status: Closed
Project: Drivers
Component/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Hannes Magnusson Assignee: Rathi Gnanasekaran
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on CSHARP-1822 Username no longer required for MONGO... Closed
depends on CXX-1123 username no longer required for MONGO... Closed
depends on CXX-1124 Username no longer required for MONGO... Closed
depends on JAVA-2375 Make username optional for MONGODB-X5... Closed
depends on NODE-849 username no longer required for MONGO... Closed
depends on PYTHON-1184 username no longer required for MONGO... Closed
depends on RUBY-1171 username no longer required for MONGO... Closed
Related
related to DOCS-9833 Confirm that MongoDB ignores authSour... Closed
Driver Compliance:
Key Status/Resolution FixVersion
JAVA-2375 Done 3.4.0
SCALA-279 Done
NODE-849 Done 2.2.12
CSHARP-1822 Done 2.4
RUBY-1171 Done 2.4.0
PERL-679 Done 2.0.0
PYTHON-1184 Done 3.4
CXX-1123 Won't Fix
CXX-1124 Done 3.1.0

 Description   

MongoDB 3.4 will automatically extract the username from the provided certificate, so the authenticate command no longer requires it.

See the recent update to the spec:
https://github.com/mongodb/specifications/commit/964a8aa571040208bd5e5443241b3bb628fb535f

Validation requirements:

  • When connected to MongoDB 3.4:
    • You MUST NOT raise an error when the application only provides an X.509 certificate and no username.
    • If the application does not provide a username you MUST NOT send a username to the server.
    • If the application provides a username you MUST send that username to the server.
  • When connected to MongoDB 3.2 or earlier:
    • You MUST send a username to the server.
    • If no username is provided by the application, you MAY extract the username from the X.509 certificate instead of requiring the application to provide it.
    • If you choose not to automatically extract the username from the certificate you MUST error when no username is provided by the application.


 Comments   
Comment by Githook User [ 01/Feb/17 ]

Author:

{u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}

Message: DRIVERS-333 Drivers MUST NOT require a username for MONGODB-X509 when connected to MongoDB >= 3.4
Branch: master
https://github.com/mongodb/specifications/commit/9b40d4d5cc71e7ea2045bfca223ccbd130fb59ec

Comment by Jeremy Mikola [ 02/Nov/16 ]

Implicitly validating PHPC, HHVM, and PHPLIB, based on libmongoc.

The extension documentation has an example of using X509 auth without supplying a username in the URI: http://php.net/manual/en/mongodb-driver-manager.construct.php#refsect1-mongodb-driver-manager.construct-examples

Generated at Thu Feb 08 08:21:17 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.