[SERVER-36406] db._authOrThrow should prioritize user specified authenticationMechanism instead of server's mechanisms

Created: 01/Aug/18  Updated: 29/Oct/23  Resolved: 22/Aug/18

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: 4.0.0
Fix Version/s: 4.0.2, 4.1.3

Type: Bug
Priority: Major - P3
Reporter: Mark Benvenuto
Assignee: Sara Golemon
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Requested: v4.0
Sprint: Platforms 2018-08-27

 Description   

In SERVER-32977, we prioritized the server's SASL mechanism priority over the client's choice. If the server supports Kerberos via GSSAPI, and PLAIN via LDAP authentication, the shell will try to connect using GSSAPI instead of PLAIN.

This occurs because in DB.prototype._authOrThrow, we never pass mechanism, so we take the following if, which ignores the user's mechanism choice, which sits in this._defaultAuthenticationMechanism.

        if (params.mechanism === undefined) {
            params.mechanism = this._getDefaultAuthenticationMechanism(params.user, this.getName());
        }
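
The following is an added example, not the shell's code or the committed fix: a simplified model of the selection order described above, with the server-first behaviour beside one that honours the user's choice. The function names, the `PRIORITY` order, the `SCRAM-SHA-1` fallback and the sample credentials are assumptions made for illustration.

```javascript
// Simplified model of the mechanism choice described in this ticket.
// Assumption: PRIORITY is an illustrative order, not the shell's real list.
const PRIORITY = ["GSSAPI", "SCRAM-SHA-256", "SCRAM-SHA-1"];

// Behaviour as reported: the server-advertised list wins, and the user's
// configured default is consulted only when nothing in PRIORITY matches.
function pickServerFirst(advertised, userDefault) {
    const negotiated = PRIORITY.find((m) => advertised.includes(m));
    return negotiated || userDefault || "SCRAM-SHA-1"; // fallback is assumed
}

// Behaviour the ticket title asks for: a user-specified mechanism takes
// priority, and negotiation happens only when none was configured.
function pickUserFirst(advertised, userDefault) {
    if (userDefault != null) {
        return userDefault;
    }
    return pickServerFirst(advertised, undefined);
}

// Mirrors the `if (params.mechanism === undefined)` branch quoted above.
// An explicit params.mechanism is never overridden by either policy.
function resolveMechanism(params, advertised, userDefault, pick) {
    const resolved = Object.assign({}, params);
    if (resolved.mechanism === undefined) {
        resolved.mechanism = pick(advertised, userDefault);
    }
    return resolved;
}

// Constructed scenario from the description: the server offers Kerberos
// (GSSAPI) and LDAP (PLAIN), and the user configured PLAIN as the default.
const advertised = ["GSSAPI", "PLAIN"];
const params = {user: "alice", pwd: "constructed-password"};

console.log("server-first:",
            resolveMechanism(params, advertised, "PLAIN", pickServerFirst).mechanism);
console.log("user-first:  ",
            resolveMechanism(params, advertised, "PLAIN", pickUserFirst).mechanism);
```
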



 Comments   
Comment by Githook User [ 24/Aug/18 ]

Author: Sara Golemon <sara.golemon@mongodb.com> (sgolemon)

Message: SERVER-36406 Respect _defaultAuthenticationMechanism when provided

(cherry picked from commit 21f5d50fbc12b1690486813d8c48882d37723bdf)
Branch: v4.0
https://github.com/mongodb/mongo/commit/8d657bc4b13632cfd224ebb5bbe973e80557868e

Comment by Githook User [ 22/Aug/18 ]

Author: Sara Golemon <sara.golemon@mongodb.com> (sgolemon)

Message: SERVER-36406 Respect _defaultAuthenticationMechanism when provided
Branch: master
https://github.com/mongodb/mongo/commit/21f5d50fbc12b1690486813d8c48882d37723bdf
