Uploaded image for project: 'Compass '
  1. Compass
  2. COMPASS-4529

Authentication fails with Kerberos when service name is not mongodb

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 1.28.4
    • Affects Version/s: None
    • Component/s: Connectivity
    • None
    • Not Needed

      Problem Description

      When trying to authenticate with Kerberos with a service name different from mongodb it fails with

      Miscellaneous failure (see text): Error from KDC: LOOKING_UP_SERVER while looking up 'mongodb/mongodb-kerberos-2.example.com@EXAMPLE.COM' (cached result, timeout in 850 sec) (negative cache)
      

      Steps to Reproduce

      • Start mongodb with kerberos auth locally using the devtools docker template
      • Try to connect to second mongodb instance that is using "alternate" service name for Kerberos auth:
      mongodb://mongodb.user%40EXAMPLE.COM@mongodb-kerberos-2.example.com:29018/?gssapiServiceName=alternate&authMechanism=GSSAPI&authSource=%24external
      

      Expected Results

      I can sign in without issues

      Actual Results

      Auth error is shown

      Additional Notes

            Assignee:
            michael.rose@mongodb.com Michael Rose (Inactive)
            Reporter:
            sergey.petushkov@mongodb.com Sergey Petushkov
            Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: