Uploaded image for project: 'C Driver'
  1. C Driver
  2. CDRIVER-2549

(kerberos) failed to connect if the principle name has '@' character

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Cannot Reproduce
    • Priority: Icon: Major - P3 Major - P3
    • 1.11.0
    • Affects Version/s: 1.7.0
    • Component/s: libmongoc
    • Labels:
      None

      nI added a user in KDC server: addprinc user1@a@KER.COM
      note: user1@a is the username (I use \ character as the escape character), and KER.COM is the realm name.

      then added the user in mongodb server:

      db.getSiblingDB("$external").createUser(
{
user : "user1@a@KER.COM",
roles: [ { role: "userAdminAnyDatabase", db: "admin" }, { role: "readWrite", db: "quest_stage" } ]
}
)

      through mongodb shell, I can connect with the following cmd successfully:

      mongo --host mon.ker.com --authenticationMechanism=GSSAPI --authenticationDatabase='$external' --username "user1@a@KER.COM"

      but with mongo c driver in my program:

      		auto client = mongocxx::client{ mongocxx::uri{ "mongodb://user1%5C%40a%40KER.COM:123@mon.ker.com/?authMechanism=GSSAPI&authMechanismProperties=SERVICE_NAME:mongodb" } }; //ensure to use FQDN instead of IP ADDRESS

      or 

      auto client = mongocxx::client{ mongocxx::uri{ "mongodb://user1%5C%5C%40a%40KER.COM:123@mon.ker.com/?authMechanism=GSSAPI&authMechanismProperties=SERVICE_NAME:mongodb" } }; //ensure to use FQDN instead of IP ADDRESS

      can't connect, and get error in log:

      [info@mongocxx] libmongoc logging callback enabled
[error@mongoc] SSPI: InitializeSecurityContext: The specified target is unknown
or unreachable

[debug@cluster] Authentication failed: Received invalid SSPI data.

        1. kinit.png
          12 kB
          winnie_quest
        2. where.png
          12 kB
          winnie_quest
        3. regedit.png
          49 kB
          winnie_quest
        4. mongod.conf
          0.7 kB
          winnie_quest
        5. env_KRB5_TRACE.png
          2 kB
          winnie_quest
        6. klist.png
          15 kB
          winnie_quest
        7. kdc.png
          53 kB
          winnie_quest
        8. server_log.png
          29 kB
          winnie_quest
        9. addUser.png
          31 kB
          winnie_quest
        10. add_to_kdc.png
          57 kB
          winnie_quest
        11. log_shell.png
          40 kB
          winnie_quest

            Assignee:
            matt.broadstone@mongodb.com Matt Broadstone
            Reporter:
            winnie_quest winnie_quest
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: