Description
According to javadocs:
/*
|
Creates a MongoCredential instance for the GSSAPI SASL mechanism. To override the default service name of {@code "mongodb"},
|
* add a mechanism property with the name {@code "SERVICE_NAME"}. To force canonicalization of the host name prior to authentication,
|
* add a mechanism property with the name {@code "CANONICALIZE_HOST_NAME"} with the value{@code true}.
|
|
@param userName the user name
|
* @return the credential
|
* @see #withMechanismProperty(String, Object)
|
|
@mongodb.server.release 2.4
|
*/
|
We should outline this in docs, as it's a great source of confusion on the client side. If the Kerberos service principal is using canonicalized instance name, and Java driver uses IP, then without the CANONICALIZE_HOST_NAME property you will be getting "Server not found in Kerberos database (7) - UNKNOWN_SERVER" exception from GSS.