Uploaded image for project: 'Compass '
  1. Compass
  2. COMPASS-4319

Compass-dev 1.22.0 (6804a345a5) can't auth using Kerberos on RHEL7

    • Iteration Huckleberry, Iteration Lime, Iteration Maracuja
    • Not Needed

      MongoDB Shell works under the same user:

      $ KRB5_TRACE=/dev/stdout mongo --host rhel-73.acme.qa -u Administrator@ACME.QA --authenticationMechanism GSSAPI --authenticationDatabase '$external' --gssapiServiceName mongodbenterprise --eval 'db.runCommand({connectionStatus:1}).authInfo.authenticatedUsers[0]'
      MongoDB shell version v4.2.6
      connecting to: mongodb://rhel-73.acme.qa:27017/?authMechanism=GSSAPI&authSource=%24external&compressors=disabled&gssapiServiceName=mongodbenterprise
      [20086] 1591207829.121207: ccselect module realm chose cache FILE:/tmp/krb5cc_1000 with client principal Administrator@ACME.QA for server principal mongodbenterprise/rhel-73.acme.qa@ACME.QA
      [20086] 1591207829.121208: Getting credentials Administrator@ACME.QA -> mongodbenterprise/rhel-73.acme.qa@ACME.QA using ccache FILE:/tmp/krb5cc_1000
      [20086] 1591207829.121209: Retrieving Administrator@ACME.QA -> mongodbenterprise/rhel-73.acme.qa@ACME.QA from FILE:/tmp/krb5cc_1000 with result: 0/Success
      [20086] 1591207829.121211: Creating authenticator for Administrator@ACME.QA -> mongodbenterprise/rhel-73.acme.qa@ACME.QA, seqnum 372782601, subkey rc4-hmac/1834, session key rc4-hmac/8392
      [20086] 1591207829.121212: Negotiating for enctypes in authenticator: aes256-cts, aes128-cts, aes256-sha2, aes128-sha2, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts
      [20086] 1591207829.121217: Read AP-REP, time 1591207830.121213, subkey aes256-cts/5014, seqnum 201794735
      Implicit session: session { "id" : UUID("4831e6be-d20c-486b-b36f-dfd7a1a457fc") }
      MongoDB server version: 4.2.6
      { "user" : "Administrator@ACME.QA", "db" : "$external" }
      

      MongoDB Compass fails using the same settings (see the attached screenshot).

        1. 1.png
          689 kB
          Maurizio Casimirri
        2. 1-1.png
          689 kB
          Maurizio Casimirri
        3. 2.png
          313 kB
          Maurizio Casimirri
        4. 3.png
          361 kB
          Maurizio Casimirri
        5. 4.png
          370 kB
          Maurizio Casimirri
        6. Screen Shot 2020-06-03 at 11.09.24 AM.png
          1.32 MB
          Andrey Brindeyev
        7. Screen Shot 2020-06-03 at 11.18.48 AM.png
          585 kB
          Andrey Brindeyev
        8. Screenshot 2020-09-15 at 16.57.30.png
          370 kB
          Maurizio Casimirri
        9. Screenshot 2020-09-15 at 16.57.30-1.png
          370 kB
          Maurizio Casimirri
        10. Screenshot 2020-09-15 at 16.57.52.png
          361 kB
          Maurizio Casimirri
        11. Screenshot 2020-09-15 at 16.58.02.png
          313 kB
          Maurizio Casimirri
        12. Screenshot 2020-09-15 at 16.58.17.png
          689 kB
          Maurizio Casimirri

            Assignee:
            maurizio.casimirri@mongodb.com Maurizio Casimirri
            Reporter:
            andrey.brindeyev@mongodb.com Andrey Brindeyev
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: