Uploaded image for project: 'Drivers'
  1. Drivers
  2. DRIVERS-465

Update algorithm for Kerberos hostname canonicalization

    • Type: Icon: Improvement Improvement
    • Resolution: Unresolved
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Component/s: None
    • None

      See spec change here. To test, get ldaptest.10gen.cc's IP address. Assuming that $AUTH_HOST has been set to "ldaptest.10gen.cc" via Evergreen project configuration:

      case "$OS" in
         cygwin*)
            IP_ADDR=`getent hosts $AUTH_HOST | head -n 1 | awk '{print $1}'`
            ;;
      
         darwin)
            IP_ADDR=`dig $AUTH_HOST +short | tail -1`
            ;;
      
         *)
            IP_ADDR=`getent hosts $AUTH_HOST | head -n 1 | awk '{print $1}'`
      esac
      

      Then ensure you can authenticate to ldaptest even with the IP address instead of the hostname in the URI. In the libmongoc Evergreen script, the URI is formatted like:

      mongodb://${AUTH_GSSAPI}@${IP_ADDR}/?authMechanism=GSSAPI&authMechanismProperties=CANONICALIZE_HOST_NAME:true"
      

      Ensure you can do a "ping" command or something else that proves you authenticated.

            Assignee:
            Unassigned Unassigned
            Reporter:
            jesse@mongodb.com A. Jesse Jiryu Davis
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated: