<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 08:24:56 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[DRIVERS-2180] Kerberos on Windows should not pass username to SSPI when password is not set</title>
                <link>https://jira.mongodb.org/browse/DRIVERS-2180</link>
                <project id="10980" key="DRIVERS">Drivers</project>
                    <description>&lt;div class=&quot;panel&quot; style=&quot;background-color: #fafbfc;border-color: #21313c;border-style: solid;border-width: 1px;&quot;&gt;&lt;div class=&quot;panelContent&quot; style=&quot;background-color: #fafbfc;&quot;&gt;
&lt;h3&gt;&lt;a name=&quot;Summary&quot;&gt;&lt;/a&gt;&lt;b&gt;Summary&lt;/b&gt;&lt;/h3&gt;
&lt;p&gt;&lt;em&gt;What is the problem or use case, what are we trying to achieve?&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;Users are not able to connect using Kerberos on Windows when specifying only a username and no password. This is happening because the Node.js driver (and possibly/likely other drivers) differ from the behavior of the legacy shell in this regard, and we think that the legacy shell behavior is the preferable one. Specifically:&lt;/p&gt;

&lt;p&gt;If a username without a password is provided, the legacy shell passes that username to the server, but &lt;b&gt;not&lt;/b&gt; to the Windows SSPI API, i.e. from SSPI it fetches the credentials of the current user regardless of the specified username. This was an intentional choice as part of &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-45050&quot; title=&quot;Change Windows Kerberos client to use default credentials when no password is specified&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-45050&quot;&gt;&lt;del&gt;SERVER-45050&lt;/del&gt;&lt;/a&gt; (compare &lt;a href=&quot;https://github.com/mongodb/mongo/blob/5bbadc66ed462aed3cc4f5635c5003da6171c25d/src/mongo/client/sasl_sspi.cpp#L182&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/blob/5bbadc66ed462aed3cc4f5635c5003da6171c25d/src/mongo/client/sasl_sspi.cpp#L182&lt;/a&gt; and &lt;a href=&quot;https://github.com/mongodb-js/kerberos/blob/b536f1a921985126bb462ae264f94f5a8319d00b/src/win32/kerberos_sspi.cc#L82&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb-js/kerberos/blob/b536f1a921985126bb462ae264f94f5a8319d00b/src/win32/kerberos_sspi.cc#L82&lt;/a&gt;).&lt;/p&gt;

&lt;h3&gt;&lt;a name=&quot;Motivation&quot;&gt;&lt;/a&gt;&lt;b&gt;Motivation&lt;/b&gt;&lt;/h3&gt;
&lt;h4&gt;&lt;a name=&quot;Whoistheaffectedenduser%3F&quot;&gt;&lt;/a&gt;Who is the affected end user?&lt;/h4&gt;

&lt;p&gt;Users of Kerberos authentication on Windows.&lt;/p&gt;

&lt;h4&gt;&lt;a name=&quot;Howdoesthisaffecttheenduser%3F&quot;&gt;&lt;/a&gt;How does this affect the end user?&lt;/h4&gt;

&lt;p&gt;Users don&apos;t know why a connection string/set of options that works with the legacy shell does not work with drivers or mongosh.&lt;/p&gt;

&lt;h4&gt;&lt;a name=&quot;Howlikelyisitthatthisproblemorusecasewilloccur%3F&quot;&gt;&lt;/a&gt;How likely is it that this problem or use case will occur?&lt;/h4&gt;

&lt;p&gt;I imagine it&apos;s fairly common for the subset of users that use Kerberos on Windows.&lt;/p&gt;

&lt;h4&gt;&lt;a name=&quot;Iftheproblemdoesoccur%2Cwhataretheconsequencesandhowseverearethey%3F&quot;&gt;&lt;/a&gt;If the problem does occur, what are the consequences and how severe are they?&lt;/h4&gt;

&lt;p&gt;They end up being stumped about being unable to connect.&lt;/p&gt;

&lt;h4&gt;&lt;a name=&quot;Isthisissueurgent%3F&quot;&gt;&lt;/a&gt;Is this issue urgent?&lt;/h4&gt;

&lt;p&gt;Not particularly, but with mongosh fully replacing the legacy shell in the 6.0 server release, it would be good to have this resolved before then.&lt;/p&gt;

&lt;h4&gt;&lt;a name=&quot;Isthisticketrequiredbyadownstreamteam%3F&quot;&gt;&lt;/a&gt;Is this ticket required by a downstream team?&lt;/h4&gt;

&lt;p&gt;This is split from MONGOSH-1059.&lt;/p&gt;

&lt;h4&gt;&lt;a name=&quot;Isthisticketonlyfortests%3F&quot;&gt;&lt;/a&gt;Is this ticket only for tests?&lt;/h4&gt;

&lt;p&gt;No.&lt;/p&gt;
&lt;/div&gt;&lt;/div&gt;</description>
                <environment></environment>
        <key id="1974193">DRIVERS-2180</key>
            <summary>Kerberos on Windows should not pass username to SSPI when password is not set</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="13453" iconUrl="https://jira.mongodb.org/images/icons/status_generic.gif" description="">Implementing</status>
                    <statusCategory id="4" key="indeterminate" colorName="inprogress"/>
                                    <resolution id="-1">Unresolved</resolution>
                                        <assignee username="jeff.yemin@mongodb.com">Jeffrey Yemin</assignee>
                                    <reporter username="anna.henningsen@mongodb.com">Anna Henningsen</reporter>
                        <labels>
                            <label>size-small</label>
                            <label>spec-change</label>
                    </labels>
                <created>Mon, 31 Jan 2022 16:41:26 +0000</created>
                <updated>Mon, 21 Aug 2023 20:11:44 +0000</updated>
                                                                <component>Authentication</component>
                                        <votes>0</votes>
                                    <watches>7</watches>
                                                                                                                <comments>
                            <comment id="4349993" author="xgen-internal-githook" created="Fri, 11 Feb 2022 12:02:25 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Anna Henningsen&apos;, &apos;email&apos;: &apos;anna.henningsen@mongodb.com&apos;, &apos;username&apos;: &apos;addaleax&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2180&quot; title=&quot;Kerberos on Windows should not pass username to SSPI when password is not set&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2180&quot;&gt;DRIVERS-2180&lt;/a&gt; Clarify Kerberos on Windows credentials passing (#1142)&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/specifications/commit/4faf7f65288344499de8e202d397acf376201f95&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/specifications/commit/4faf7f65288344499de8e202d397acf376201f95&lt;/a&gt;&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10620">
                    <name>Issue split</name>
                                            <outwardlinks description="split to">
                                        <issuelink>
            <issuekey id="1982058">GODRIVER-2307</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1982063">RUBY-2906</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1982055">CDRIVER-4291</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1982057">CSHARP-4050</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1982056">CXX-2451</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1982060">MOTOR-891</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1980276">NODE-3982</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1982062">PHPC-2070</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1982061">PYTHON-3121</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1982064">RUST-1181</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1982059">JAVA-4491</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="1047431">SERVER-45050</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                            <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_17052" key="com.atlassian.jira.plugin.system.customfieldtypes:textarea">
                        <customfieldname>Downstream Changes Summary</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>&lt;p&gt;All drivers should verify this behavior. It&apos;s likely that some drivers are already doing the right thing.&lt;/p&gt;</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10951" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Driver Changes</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10748"><![CDATA[Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_23952" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Driver Compliance</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[<style type='text/css'>
         #scriptField, #scriptField *{
                border: 1px solid black;
            }

            #scriptField{
                border-collapse: collapse;
            }

            #scriptField td {
                text-align: center; /* Center-align text in table cells */
            }

            #scriptField td.key {
                text-align: left; /* Left-align text in the Key column */
            }

            #scriptField a {
                text-decoration: none; /* Remove underlines from links */
                border: none; /* Remove border from links */
            }
            
            /* Add green background color to cells with FixVersion */
            #scriptField td.hasFixVersion {
                background-color: #00FF00; /* Green color code */
            }

            /* Center-align the first row headers */
            #scriptField th {
                text-align: center;
            }
        </style>
<table id='scriptField'>
  <tr>
    <th>Key</th>
    <th>Status/Resolution</th>
    <th>FixVersion</th>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/NODE-3982'>NODE-3982</a>
    </td>
    <td>Done</td>
    <td class='hasFixVersion'>kerberos-2.0.0</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/CDRIVER-4291'>CDRIVER-4291</a>
    </td>
    <td>Fixed</td>
    <td class='hasFixVersion'>1.24.0, 1.23.6</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/CXX-2451'>CXX-2451</a>
    </td>
    <td>Fixed</td>
    <td class='hasFixVersion'>3.8.0</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/CSHARP-4050'>CSHARP-4050</a>
    </td>
    <td>Done</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/GODRIVER-2307'>GODRIVER-2307</a>
    </td>
    <td>Backlog</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/JAVA-4491'>JAVA-4491</a>
    </td>
    <td>Works as Designed</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/MOTOR-891'>MOTOR-891</a>
    </td>
    <td>Won't Do</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/PYTHON-3121'>PYTHON-3121</a>
    </td>
    <td>Won't Do</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/PHPC-2070'>PHPC-2070</a>
    </td>
    <td>Fixed</td>
    <td class='hasFixVersion'>1.16.0</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/RUBY-2906'>RUBY-2906</a>
    </td>
    <td>Backlog</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/RUST-1181'>RUST-1181</a>
    </td>
    <td>Won't Do</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/SWIFT-1486'>SWIFT-1486</a>
    </td>
    <td>Won't Do</td>
    <td class=''></td>
  </tr>
</table>]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|i01pe7:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_14261" key="com.atlassian.jira.plugin.system.customfieldtypes:datepicker">
                        <customfieldname>Start date</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Fri, 11 Feb 2022 00:00:00 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                </customfields>
    </item>
</channel>
</rss>