Improve Kerberos-based auth experience #27527
Comments
mkArtakMSFT
added
enhancement
|
Thanks for contacting us. |
|
@blowdart Looks like this hasn't been addressed for a couple of years. Is this something we want to invest in for 8 or should we just close it? |
|
We've moved this issue to the Backlog milestone. This means that it is not going to be worked on for the coming release. We will reassess the backlog following the current release and consider this item at that time. To learn more about our issue management process and to have better expectation regarding different types of issues you can read our Triage Process. |
|
Moving to |
Summary
We've seen some feedback indicating that Kerberos auth is not usable in some E2E scenarios (@Tratcher can you please clarify this as none of the attendees of the meeting have context about this).
This issue tracks the work to identify all those experiences and later decide which ones we would like to address in 6.0 timeframe.
@blowdart thinks that this may be related to authentication delegation to SQL.
People with more context
@Tratcher, @JunTaoLuo
Motivation and goals
The initial 3.x Negotiate handler provided only minimal functionality on linux. In 5.0 @JunTaoLuo did work to expand that to include roles. However, none of the partners have been able to validate the new 5.0 features yet, so we're still expecting feedback that we may need to address.
We're also still waiting for a proper Negotiate API from the runtime. We've been using reflection since 3.x. dotnet/runtime#29270
There have also been asks about delegating to SQL cross platform.
In scope
A list of major scenarios, perhaps in priority order.
Out of scope
Scenarios you explicitly want to exclude.
Risks / unknowns
How might developers misinterpret/misuse this? How might implementing it restrict us from other enhancements in the future? Also list any perf/security/correctness concerns.
Examples
Give brief examples of possible developer experiences (e.g., code they would write).
Don't be deeply concerned with how it would be implemented yet. Your examples could even be from other technology stacks.
The text was updated successfully, but these errors were encountered: