Go Driver / GODRIVER-818

Go driver does not respect KRB5CCNAME environment variable

    • Type: Bug
    • Resolution: Works as Designed
    • Priority: Major - P3
    • Affects Version/s: None
    • Component/s: Authentication
    • Labels: None

      I am having trouble getting the Go driver to pay attention to the KRB5CCNAME environment variable for the location of the user's ticket cache:

      tim@vbox-ubuntu14:/media/sf_shared/mms-automation/go_planner/src/com.tengen/cm$ KRB5CCNAME=/tmp/myticketcache kinit -kt atmtesting/assets/user.keytab ldapz_kerberos2@LDAPTEST.10GEN.CC
      tim@vbox-ubuntu14:/media/sf_shared/mms-automation/go_planner/src/com.tengen/cm$ KRB5CCNAME=/tmp/myticketcache klist
      Ticket cache: FILE:/tmp/myticketcache
      Default principal: ldapz_kerberos2@LDAPTEST.10GEN.CC
      
      Valid starting       Expires              Service principal
      02/08/2019 16:04:36  02/09/2019 16:04:35  krbtgt/LDAPTEST.10GEN.CC@LDAPTEST.10GEN.CC
      tim@vbox-ubuntu14:/media/sf_shared/mms-automation/go_planner/src/com.tengen/cm$ KRB5CCNAME=/tmp/myticketcache KRB5_TRACE=/dev/stdout go run -tags gssapi ~/tst/krb_go_driver.go
      [18753] 1549659900.817085: Convert service mockservice (service with host as instance) on host localhost to principal
      [18753] 1549659900.817903: Remote host after forward canonicalization: localhost
      [18753] 1549659900.818481: Remote host after reverse DNS processing: localhost
      [18753] 1549659900.818840: Got service principal mockservice/localhost@
      [18753] 1549659900.819391: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
      [18753] 1549659900.820009: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
      [18753] 1549659900.820728: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
      [18753] 1549659900.821306: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
      [18753] 1549659900.821874: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
      [18753] 1549659900.822325: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
      [18753] 1549659900.822814: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
      [18753] 1549659900.823263: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
      [18753] 1549659900.877300: Convert service mockservice (service with host as instance) on host localhost to principal
      [18753] 1549659900.877816: Remote host after forward canonicalization: localhost
      [18753] 1549659900.878113: Remote host after reverse DNS processing: localhost
      [18753] 1549659900.878198: Got service principal mockservice/localhost@
      [18753] 1549659900.878726: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
      [18753] 1549659900.879268: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
      [18753] 1549659900.879893: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
      [18753] 1549659900.880539: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
      [18753] 1549659900.881150: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
      [18753] 1549659900.881731: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
      [18753] 1549659900.882152: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
      [18753] 1549659900.882648: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
      panic: auth error: unable to authenticate using mechanism "GSSAPI": unable to negotiate with server: Success(589824,100001)
      
      goroutine 1 [running]:
      main.main()
      	/home/tim/tst/krb_go_driver.go:39 +0x706
      exit status 2
      tim@vbox-ubuntu14:/media/sf_shared/mms-automation/go_planner/src/com.tengen/cm$ 
      

      The Go driver is looking in /etc/krb5/user/1000/client.keytab instead of /tmp/myticketcache.

      Attaching krb_go_driver.go and the mongod.conf for MongoDB.

        1. krb_go_driver.go
          1.0 kB
        2. krb_mgo.go
          0.5 kB
        3. mongod.conf
          0.5 kB
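
A helper for reading a capture like the one in the report, added here as an example and not part of the ticket or of the driver: it counts the keytab lookups in KRB5_TRACE output and reports whether the cache path from KRB5CCNAME appears in the trace at all. The names `SummarizeTrace` and `TraceSummary` are hypothetical, and the sample lines are excerpted from the trace above.

```go
package main

import (
	"fmt"
	"os"
	"regexp"
	"strings"
)

// Matches trace lines of the shape seen in the report:
// "[pid] ts: Retrieving <principal> from <keytab> (vno .., enctype ..) with result: <code>/<msg>"
var keytabRe = regexp.MustCompile(
	`^\[\d+\] [\d.]+: Retrieving (\S+) from (\S+) \(vno \d+, enctype [^)]+\) with result: (-?\d+)/`)

// TraceSummary (hypothetical name) lists the credential sources a trace mentions.
type TraceSummary struct {
	KeytabLookups map[string]int // keytab name -> number of lookups
	KeytabFailed  map[string]int // keytab name -> lookups with a non-zero result
	CCacheSeen    bool           // expected cache path appears somewhere in the trace
}

// SummarizeTrace scans trace text; ccache is the KRB5CCNAME value, with or without "FILE:".
func SummarizeTrace(trace, ccache string) TraceSummary {
	s := TraceSummary{KeytabLookups: map[string]int{}, KeytabFailed: map[string]int{}}
	path := strings.TrimPrefix(ccache, "FILE:")
	for _, line := range strings.Split(trace, "\n") {
		line = strings.TrimSpace(line)
		if path != "" && strings.Contains(line, path) {
			s.CCacheSeen = true
		}
		if m := keytabRe.FindStringSubmatch(line); m != nil {
			s.KeytabLookups[m[2]]++
			if m[3] != "0" {
				s.KeytabFailed[m[2]]++
			}
		}
	}
	return s
}

// sampleTrace: three lines excerpted from the trace in the report.
const sampleTrace = `[18753] 1549659900.818840: Got service principal mockservice/localhost@
[18753] 1549659900.819391: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
[18753] 1549659900.820009: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found`

func main() {
	s := SummarizeTrace(sampleTrace, os.Getenv("KRB5CCNAME"))
	for kt, n := range s.KeytabLookups {
		fmt.Printf("%s: %d lookups, %d failed\n", kt, n, s.KeytabFailed[kt])
	}
	fmt.Println("ccache path seen in trace:", s.CCacheSeen)
}
```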

            Assignee:
            jeff.yemin@mongodb.com Jeffrey Yemin
            Reporter:
            tim.olsen@mongodb.com Timothy Olsen (Inactive)
            Votes:
            0
            Watchers:
            3
