Uploaded image for project: 'Compass '
  1. Compass
  2. COMPASS-4319

Compass-dev 1.22.0 (6804a345a5) can't auth using Kerberos on RHEL7

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 1.21.2, 1.22.0
    • Fix Version/s: 1.23.0
    • Component/s: Compass, Connectivity
    • Labels:
    • # Replies:
      0
    • Last comment by Customer:
      true
    • Documentation Changes:
      Not Needed
    • Sprint:
      Iteration Huckleberry, Iteration Lime, Iteration Maracuja
    • Case:

      Description

      MongoDB Shell works under the same user:

      $ KRB5_TRACE=/dev/stdout mongo --host rhel-73.acme.qa -u Administrator@ACME.QA --authenticationMechanism GSSAPI --authenticationDatabase '$external' --gssapiServiceName mongodbenterprise --eval 'db.runCommand({connectionStatus:1}).authInfo.authenticatedUsers[0]'
      MongoDB shell version v4.2.6
      connecting to: mongodb://rhel-73.acme.qa:27017/?authMechanism=GSSAPI&authSource=%24external&compressors=disabled&gssapiServiceName=mongodbenterprise
      [20086] 1591207829.121207: ccselect module realm chose cache FILE:/tmp/krb5cc_1000 with client principal Administrator@ACME.QA for server principal mongodbenterprise/rhel-73.acme.qa@ACME.QA
      [20086] 1591207829.121208: Getting credentials Administrator@ACME.QA -> mongodbenterprise/rhel-73.acme.qa@ACME.QA using ccache FILE:/tmp/krb5cc_1000
      [20086] 1591207829.121209: Retrieving Administrator@ACME.QA -> mongodbenterprise/rhel-73.acme.qa@ACME.QA from FILE:/tmp/krb5cc_1000 with result: 0/Success
      [20086] 1591207829.121211: Creating authenticator for Administrator@ACME.QA -> mongodbenterprise/rhel-73.acme.qa@ACME.QA, seqnum 372782601, subkey rc4-hmac/1834, session key rc4-hmac/8392
      [20086] 1591207829.121212: Negotiating for enctypes in authenticator: aes256-cts, aes128-cts, aes256-sha2, aes128-sha2, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts
      [20086] 1591207829.121217: Read AP-REP, time 1591207830.121213, subkey aes256-cts/5014, seqnum 201794735
      Implicit session: session { "id" : UUID("4831e6be-d20c-486b-b36f-dfd7a1a457fc") }
      MongoDB server version: 4.2.6
      { "user" : "Administrator@ACME.QA", "db" : "$external" }
      

      MongoDB Compass fails using the same settings (see the attached screenshot).

        Attachments

        1. Screenshot 2020-09-15 at 16.58.17.png
          Screenshot 2020-09-15 at 16.58.17.png
          689 kB
        2. Screenshot 2020-09-15 at 16.58.02.png
          Screenshot 2020-09-15 at 16.58.02.png
          313 kB
        3. Screenshot 2020-09-15 at 16.57.52.png
          Screenshot 2020-09-15 at 16.57.52.png
          361 kB
        4. Screenshot 2020-09-15 at 16.57.30-1.png
          Screenshot 2020-09-15 at 16.57.30-1.png
          370 kB
        5. Screenshot 2020-09-15 at 16.57.30.png
          Screenshot 2020-09-15 at 16.57.30.png
          370 kB
        6. Screen Shot 2020-06-03 at 11.18.48 AM.png
          Screen Shot 2020-06-03 at 11.18.48 AM.png
          585 kB
        7. Screen Shot 2020-06-03 at 11.09.24 AM.png
          Screen Shot 2020-06-03 at 11.09.24 AM.png
          1.32 MB
        8. 4.png
          4.png
          370 kB
        9. 3.png
          3.png
          361 kB
        10. 2.png
          2.png
          313 kB
        11. 1-1.png
          1-1.png
          689 kB
        12. 1.png
          1.png
          689 kB

          Issue Links

            Activity

              People

              Assignee:
              maurizio.casimirri Maurizio Casimirri
              Reporter:
              andrey.brindeyev Andrey Brindeev
              Participants:
              Last commenter:
              Nuno Costa Nuno Costa
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since reply:
                48 weeks, 2 days ago
                Date of 1st Reply: