[SERVER-44396] Run the client half of the GSSAPI conversation in mongokerberos Created: 04/Nov/19 Updated: 29/Oct/23 Resolved: 22/Jan/20 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | 4.3.3 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Spencer Jackson | Assignee: | Adam Cooper (Inactive) |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||
| Sprint: | Security 2019-11-18, Security 2019-12-02, Security 2019-12-16, Security 2019-12-30, Security 2019-01-13, Security 2019-01-27 | ||||||||
| Participants: | |||||||||
| Description |
|
Acquiring a client principal, and acquiring a service ticket for the target service can be performed by the client, without sending messages across the non-existent wire. Performing these checks in mongokerberos will let us ensure that the client's keys can be used to obtain service tickets. Relevant RFCs: |
| Comments |
| Comment by Githook User [ 22/Jan/20 ] |
|
Author: {'username': 'super-cooper', 'name': 'Adam Cooper', 'email': 'adam.cooper@mongodb.com'}Message: |