-
Type: Task
-
Resolution: Fixed
-
Priority: Unknown
-
Affects Version/s: None
-
Component/s: None
-
None
Proposal
Drop support of Cyrus-SASL on Windows.
At present the C driver documents support for Cyrus-SASL on Windows:
On Windows, Kerberos support requires compiling the driver against Windows Native SSPI or cyrus-sasl. The default configuration of the driver will use Windows Native SSPI.
Use of Cyrus on Windows is opted-in by setting the CMake option ENABLE_SASL=CYRUS
Motivation
Low Expected Use
I expect there are few users using the C driver with Cyrus-SASL instead of the default SSPI.
Building Cyrus-SASL from source on Windows is documented as as "work in progress". SSPI with Kerberos appears available since Windows 2000.
CDRIVER-2040 notes:
We've never proved Cyrus SASL works with Kerberos/GSSAPI on Windows
CDRIVER-299 notes:
We use Cyrus SASL on Windows, which is very hard to build and configure, and I (Jesse) couldn't get it to authenticate successfully. It probably does work, but it's terrifically inconvenient.
I only found one ticket referencing use of Cyrus-SASL on Windows. CDRIVER-783 notes:
The use case is: connecting a Windows client to a UNIX MIT Kerberos server.
Missing test coverage
There are no C driver tasks on Windows that test authenticating with GSSAPI when using Cyrus-SASL. There are notably C driver tasks on Windows referencing Cyrus-SASL. Examples:
- sasl-cyrus-winssl-windows-2019-vs2017-x64-compile
- sasl-cyrus-winssl-windows-2019-vs2017-x64-test-latest-server-auth
However, I expect the test task is not testing GSSAPI auth. Testing GSSAPI auth only appears to occur in the authentication-tests* by running run-auth-tests.sh. GSSAPI auth is the only feature that uses Cyrus-SASL.
If this proposal is rejected, I would want to add tests to CI. Instructions to test on an Evergreen spawn host are documented here.
- has to be done before
-
CDRIVER-5514 Drop support of Cyrus-SASL on Windows
- Backlog