Uploaded image for project: 'Drivers'
  1. Drivers
  2. DRIVERS-465

Update algorithm for Kerberos hostname canonicalization

XMLWordPrintableJSON

    • Type: Icon: Improvement Improvement
    • Resolution: Unresolved
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Component/s: None
    • Labels:
      None
    • $i18n.getText("admin.common.words.hide")
      Key Status/Resolution FixVersion
      NODE-1370 Fixed
      SCALA-387 Done
      PYTHON-1505 Duplicate
      CSHARP-2216 Backlog
      PERL-874 Won't Fix
      RUBY-1316 Fixed 2.7.0.rc0
      JAVA-2812 Works as Designed
      CXX-1529 Fixed 3.3.0-rc0
      PHPC-1139 Fixed 1.5.0
      MOTOR-208 Fixed 2.0
      GODRIVER-283 Backlog
      CDRIVER-2551 Works as Designed
      $i18n.getText("admin.common.words.show")
      #scriptField, #scriptField *{ border: 1px solid black; } #scriptField{ border-collapse: collapse; } #scriptField td { text-align: center; /* Center-align text in table cells */ } #scriptField td.key { text-align: left; /* Left-align text in the Key column */ } #scriptField a { text-decoration: none; /* Remove underlines from links */ border: none; /* Remove border from links */ } /* Add green background color to cells with FixVersion */ #scriptField td.hasFixVersion { background-color: #00FF00; /* Green color code */ } /* Center-align the first row headers */ #scriptField th { text-align: center; } Key Status/Resolution FixVersion NODE-1370 Fixed SCALA-387 Done PYTHON-1505 Duplicate CSHARP-2216 Backlog PERL-874 Won't Fix RUBY-1316 Fixed 2.7.0.rc0 JAVA-2812 Works as Designed CXX-1529 Fixed 3.3.0-rc0 PHPC-1139 Fixed 1.5.0 MOTOR-208 Fixed 2.0 GODRIVER-283 Backlog CDRIVER-2551 Works as Designed

      See spec change here. To test, get ldaptest.10gen.cc's IP address. Assuming that $AUTH_HOST has been set to "ldaptest.10gen.cc" via Evergreen project configuration:

      case "$OS" in
   cygwin*)
      IP_ADDR=`getent hosts $AUTH_HOST | head -n 1 | awk '{print $1}'`
      ;;

   darwin)
      IP_ADDR=`dig $AUTH_HOST +short | tail -1`
      ;;

   *)
      IP_ADDR=`getent hosts $AUTH_HOST | head -n 1 | awk '{print $1}'`
esac

      Then ensure you can authenticate to ldaptest even with the IP address instead of the hostname in the URI. In the libmongoc Evergreen script, the URI is formatted like:

      mongodb://${AUTH_GSSAPI}@${IP_ADDR}/?authMechanism=GSSAPI&authMechanismProperties=CANONICALIZE_HOST_NAME:true"

      Ensure you can do a "ping" command or something else that proves you authenticated.

            Assignee:
            Unassigned Unassigned
            Reporter:
            jesse@mongodb.com A. Jesse Jiryu Davis
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated: