[SERVER-8305] saslAuthenticate defaults to wrong database when using GSSAPI mechanism Created: 23/Jan/13  Updated: 19/Mar/13  Resolved: 08/Feb/13

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: 2.3.2
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Craig Wilson Assignee: Andy Schwerin
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Operating System: ALL
Participants:

 Description   

In a shell connected to subscriber edition 2.3.2 the following succeeds authentication but grants no privileges. The code is targeting the wrong userSource as a default. It should target $external, but currently targets $sasl.

var mongo = db.getMongo();
mongo.saslAuthenticate({mechanism: "GSSAPI", user: "user@DOMAIN.COM"});

The following works, but shouldn't be required.

var mongo = db.getMongo();
mongo.saslAuthenticate({mechanism: "GSSAPI", user: "user@DOMAIN.COM", userSource: "$external"});



 Comments   
Comment by auto [ 12/Feb/13 ]

Author:

{u'date': u'2013-02-08T17:04:35Z', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'}

Message: SERVER-8305 Change default database for GSSAPI from $sasl to $external.
Branch: master
https://github.com/mongodb/mongo/commit/9e13c284c7ab6cdb4a80ad40248825fbf73178e3

Comment by Andy Schwerin [ 08/Feb/13 ]

After SERVER-8414, the Mongo.prototype.saslAuthenticate method will be removed from the shell. Users should use db.auth() or the auth() method on the Mongo object, depending on their use case. The "auth" method on the Mongo object takes the same arguments as saslAuthenticate, but supports the MONGO-CR mechanism as well as supported SASL mechanisms. Ditto for db.auth, except that db.auth() does not allow the caller to specify the "userSource". That is taken to be the name of the db on which auth is called.

db.auth continues to support the old (user, password) calling behavior, as well.

Comment by Craig Wilson [ 23/Jan/13 ]

The release notes for 2.4 don't indicate that userSource is necessary.

Generated at Thu Feb 08 03:17:04 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.