Proposal

Drop support of Cyrus-SASL on Windows.

At present the C driver documents support for Cyrus-SASL on Windows:

On Windows, Kerberos support requires compiling the driver against Windows Native SSPI or cyrus-sasl. The default configuration of the driver will use Windows Native SSPI.

Use of Cyrus on Windows is opted-in by setting the CMake option ENABLE_SASL=CYRUS

Motivation

Low Expected Use

I expect there are few users using the C driver with Cyrus-SASL instead of the default SSPI.

Building Cyrus-SASL from source on Windows is documented as as "work in progress". SSPI with Kerberos appears available since Windows 2000.

CDRIVER-2040 notes:

We've never proved Cyrus SASL works with Kerberos/GSSAPI on Windows

CDRIVER-299 notes:

We use Cyrus SASL on Windows, which is very hard to build and configure, and I (Jesse) couldn't get it to authenticate successfully. It probably does work, but it's terrifically inconvenient.

I only found one ticket referencing use of Cyrus-SASL on Windows. CDRIVER-783 notes:

The use case is: connecting a Windows client to a UNIX MIT Kerberos server.

Missing test coverage

There are no C driver tasks on Windows that test authenticating with GSSAPI when using Cyrus-SASL. There are notably C driver tasks on Windows referencing Cyrus-SASL. Examples:

• sasl-cyrus-winssl-windows-2019-vs2017-x64-compile
• sasl-cyrus-winssl-windows-2019-vs2017-x64-test-latest-server-auth

However, I expect the test task is not testing GSSAPI auth. Testing GSSAPI auth only appears to occur in the authentication-tests* by running run-auth-tests.sh.  GSSAPI auth is the only feature that uses Cyrus-SASL.

If this proposal is rejected, I would want to add tests to CI. Instructions to test on an Evergreen spawn host are documented here.