  1. Compass
  2. COMPASS-3196

Can't authenticate using Kerberos

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • 1.16.0
    • Affects Version/s: None
    • Component/s: Compass
    • Labels:
      None
    • Iteration Qbert, Iteration Ratatouille

      I can't authenticate using Kerberos on Windows. No error is reported in Compass UI - it just stays on the connect dialog. I can successfully authenticate using MongoDB Shell from the same session:

      PS C:\Program Files\MongoDB\Server\4.0\bin> .\mongo.exe --username Administrator@ACME.QA --quiet --host rhel-73.acme.qa
      --authenticationDatabase '$external' --authenticationMechanism GSSAPI --gssapiServiceName mongodbenterprise
      MongoDB Enterprise > use admin
      switched to db admin
      MongoDB Enterprise > show collections
      system.roles
      system.users
      system.version
      

      I do have Kerberos trace enabled on my mongod, but when I try to perform authentication in Compass, nothing shows up. When I use MongoDB Shell, there are a few lines, as expected:

      [1436] 1539378734.174535: Decrypted AP-REQ with server principal mongodbenterprise/rhel-73.acme.qa@ACME.QA: rc4-hmac/87B3
      [1436] 1539378734.174536: AP-REQ ticket: Administrator@ACME.QA -> mongodbenterprise/rhel-73.acme.qa@ACME.QA, session key rc4-hmac/A110
      [1436] 1539378734.174537: Negotiated enctype based on authenticator: aes256-cts
      [1436] 1539378734.174538: Authenticator contains subkey: rc4-hmac/F71E
      [1436] 1539378734.174540: Creating AP-REP, time 1539378734.155, subkey aes256-cts/EA9B, seqnum 402952013
      

      Here is the excerpt from the MongoDB Server log file:

      2018-10-12T14:13:13.407-0700 I NETWORK  [listener] connection accepted from 10.211.55.28:50392 #38 (2 connections now open)
      2018-10-12T14:13:13.409-0700 I NETWORK  [conn38] SSL mode is set to 'preferred' and connection 38 to 10.211.55.28:50392 is not using SSL.
      2018-10-12T14:13:13.409-0700 I NETWORK  [conn38] received client metadata from 10.211.55.28:50392 conn38: { driver: { name: "nodejs", version: "3.1.6" }, os: { type: "Windows_NT", name: "win32", architecture: "x64", version: "10.0.14393" }, platform: "Node.js v8.9.3, LE, mongodb-core: 3.1.5", application: { name: "MongoDB Compass Beta" } }
      2018-10-12T14:13:13.409-0700 I COMMAND  [conn38] command admin.$cmd appName: "MongoDB Compass Beta" command: isMaster { ismaster: true, client: { driver: { name: "nodejs", version: "3.1.6" }, os: { type: "Windows_NT", name: "win32", architecture: "x64", version: "10.0.14393" }, platform: "Node.js v8.9.3, LE, mongodb-core: 3.1.5", application: { name: "MongoDB Compass Beta" } }, compression: [], $readPreference: { mode: "secondaryPreferred" }, $db: "admin" } numYields:0 reslen:223 locks:{} protocol:op_query 0ms
      2018-10-12T14:13:13.417-0700 I COMMAND  [conn38] command $external.$cmd appName: "MongoDB Compass Beta" command: saslStart { saslStart: 1, mechanism: "GSSAPI", payload: "xxx", autoAuthorize: 1, $db: "$external" } numYields:0 reslen:78 locks:{} protocol:op_query 0ms
      2018-10-12T14:13:13.422-0700 I NETWORK  [conn38] end connection 10.211.55.28:50392 (1 connection now open)
      

      I've tried to use the latest release version (1.15.4) as well as the latest beta (1.16.0-beta.8).

            Assignee:
            durran.jordan@mongodb.com Durran Jordan
            Reporter:
            andrey.brindeyev@mongodb.com Andrey Brindeyev
            Votes:
            2
            Watchers:
            4
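
A triage sketch for the server log pattern in the excerpt above (an added example, not part of the original report or of Compass): it flags connections that log a saslStart and then close without any saslContinue step. The conn39 lines are constructed for contrast, and the script assumes command logging is verbose enough to record SASL commands, as it is in the excerpt.

```python
import re

# Constructed sample in the mongod 4.0 text log layout from the report.
# conn38 mirrors the reported sequence; conn39 is a constructed contrast case.
SAMPLE_LOG = """\
2018-10-12T14:13:13.407-0700 I NETWORK  [listener] connection accepted from 10.211.55.28:50392 #38 (2 connections now open)
2018-10-12T14:13:13.417-0700 I COMMAND  [conn38] command $external.$cmd appName: "MongoDB Compass Beta" command: saslStart { saslStart: 1, mechanism: "GSSAPI", payload: "xxx", autoAuthorize: 1, $db: "$external" } numYields:0 reslen:78 locks:{} protocol:op_query 0ms
2018-10-12T14:13:13.422-0700 I NETWORK  [conn38] end connection 10.211.55.28:50392 (1 connection now open)
2018-10-12T14:20:01.100-0700 I COMMAND  [conn39] command $external.$cmd command: saslStart { saslStart: 1, mechanism: "GSSAPI", payload: "xxx", autoAuthorize: 1, $db: "$external" } numYields:0 reslen:78 locks:{} protocol:op_query 0ms
2018-10-12T14:20:01.120-0700 I COMMAND  [conn39] command $external.$cmd command: saslContinue { saslContinue: 1, conversationId: 1, payload: "xxx", $db: "$external" } numYields:0 reslen:78 locks:{} protocol:op_query 0ms
2018-10-12T14:20:01.500-0700 I NETWORK  [conn39] end connection 10.211.55.28:50400 (1 connection now open)
"""

# timestamp, severity letter, component, [connN], message
LINE = re.compile(r"^(\S+) \w\s+(\w+)\s+\[(conn\d+)\] (.*)$")
MECH = re.compile(r'command: saslStart \{.*?mechanism: "([^"]+)"')


def abandoned_sasl(log_text):
    """Return (conn, mechanism, saslStart time, close time) for every
    connection that closed after saslStart with no saslContinue logged."""
    pending = {}   # conn -> (mechanism, timestamp of saslStart)
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # listener lines and anything not tied to a connN
        ts, component, conn, msg = m.groups()
        start = MECH.search(msg)
        if component == "COMMAND" and start:
            pending[conn] = (start.group(1), ts)
        elif component == "COMMAND" and "command: saslContinue" in msg:
            pending.pop(conn, None)  # conversation moved past step one
        elif component == "NETWORK" and msg.startswith("end connection"):
            if conn in pending:
                mech, started = pending.pop(conn)
                findings.append((conn, mech, started, ts))
    return findings


if __name__ == "__main__":
    for conn, mech, started, closed in abandoned_sasl(SAMPLE_LOG):
        print(f"{conn}: {mech} saslStart at {started}, closed at {closed}")
```

A hit for a GSSAPI connection, combined with an empty Kerberos trace on the server, matches the symptom reported here: the client opened the SASL conversation and dropped the connection before a second step was logged.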