SASLPrep prepares strings that contain non-ASCII characters for use as username and password with SCRAM-SHA-256 auth for MongoDB 4+. Watch DRIVERS-444 for details.
The C Driver already depends (optionally) on the Cyrus SASL library on Linux to implement Kerberos/GSSAPI auth. For normal SCRAM-SHA-1 auth we only depend on an SSL library, without requiring Cyrus.
Cyrus SASL claims to support SASLPrep but I don't know how to access its SASLPrep implementation for our own SCRAM-SHA-256 mechanism. If we can figure that out, then one option we have is to use Cyrus's SASLPrep on Linux if Cyrus is available, otherwise don't do SASLPrep and risk users being unable to log in with non-ASCII credentials. Another option there is to just vendor in a license-compliant implementation of SASLPrep so we can continue to support the default auth mechanism using only an SSL library, without Cyrus.
Another option is to copy this code and everything it depends upon from Heimdal and use it on all platforms. Check with Legal if this is ok.
Or, go ask the Platforms Team what they're doing in the server to implement SASLPrep. I think they're using libicu for it, perhaps that's widely enough available that we could depend on it for auth. Here's Windows: https://msdn.microsoft.com/en-us/library/windows/desktop/mt823414(v=vs.85).aspx
- is depended on by
-
CXX-1505 Implement SASLPrep
- Closed
-
DRIVERS-444 Implement SASLPrep
- Closed
-
PHPC-1105 Implement SASLPrep
- Closed