This change also removes the gssapiServiceName option (deprecated in
PyMongo 2.8), which is replaced by authMechanismProperties=SERVICE_NAME:<service name>.
The new MongoClient, based on Cluster and Server,
includes functionality that had been split between the
old MongoClient and MongoReplicaSetClient. A
previous commit introduced the new MongoClient
but broke authentication.
There are two Kerberos bindings on PyPI: kerberos and pykerberos.
PyMongo has been compatible with the kerberos package since PyMongo 2.5.0. But kerberos is not currently compatible with Python 3.
This change introduces compatibility with the new pykerberos package. Since pykerberos is compatible with Python 3, PyMongo can now use Kerberos in Python 3.
- Use default roles when no roles are provided (MongoDB 2.5.3+).
- DeprecationWarning when using read_only or not passing roles (MongoDB 2.5.3+).
- Check for error code 59 in remove_user.
- Roles and read_only are not compatible.
- TypeError -> ValueError for '' as password.
- Better validation all around.
This is initially for LDAP authentication support in
MongoDB 2.6 (forthcoming). Warning: the username and
password are sent over the wire in clear text per
RFC 4616. SSL with cert validation should be used in
conjunction with the PLAIN mechanism to encrypt the
channel.
This only works with the subscriber addition of MongoDB
>= 2.4 and requires the python "kerberos" module, sometimes
referred to as pykerberos.
http://pypi.python.org/pypi/kerberos
This change also adds support for the authMechanism
and authSource URI options.
