Uploaded image for project: 'Java Driver'
  1. Java Driver
  2. JAVA-1077

Offer option to canonicalize server name used for GSSAPI authentication

    XMLWordPrintableJSON

Details

    • Icon: New Feature New Feature
    • Resolution: Done
    • Icon: Major - P3 Major - P3
    • 2.12.0, 3.0.0
    • None
    • Authentication
    • None

    Description

      Section 4.1 of http://www.ietf.org/rfc/rfc2743.txt says:

      The "hostname" may ... be canonicalized by attempting a DNS lookup and using the fully-qualified domain name which is returned...

      Oracle's GSSAPI implementation is not canonicalizing (note that it's optional). Given that, the driver should be able to do the canonicalization on behalf of the application, as authentication can fail if the application provides the driver with a DNS alias to a mongos server.

      In scope of this ticket, we need to determine whether the canonicalization should always be done, or whether it should be opt-in.

      Attachments

        Activity

          People

            jeff.yemin@mongodb.com Jeffrey Yemin
            jeff.yemin@mongodb.com Jeffrey Yemin
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: