Uploaded image for project: 'MongoDB Shell'
  1. MongoDB Shell
  2. MONGOSH-827

When using authenticationMechanism=GSSAPI mongo shell should not require username argument

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Unresolved
    • Priority: Icon: Minor - P4 Minor - P4
    • None
    • Affects Version/s: None
    • Component/s: CLI Module
    • Labels:
      None
    • 5
    • Needed
    • Hide

      When using authenticationMechanism=GSSAPI mongo shell should not require --username argument.

      Show
      When using authenticationMechanism=GSSAPI mongo shell should not require --username argument.
    • Iteration Johannesburg

      Problem Description

      MongoDB uses the AuthN_id from kerberos ccache (default principal), and does not do any canonicalization. So, we can use the AuthN_ID as AuthZ_id and Mongo shell dont need to accept a --username argument. This adds to user confusion in kerberos environemnts.

      Steps to Reproduce

      Start a mongod instance with kerberos support.

      connect to mongod server using mongo shell.. Here you need to pass --username argument.

      Expected Results

      Ideally we dont need to pass --username argument when doing kerberos authentication.

      Actual Results

      Additional Notes

            Assignee:
            Unassigned Unassigned
            Reporter:
            g.sravan4u@gmail.com Sravan _
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated: