Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-20387

Broken kerberos implementation in mongodump & mongorestore

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Major - P3
    • Resolution: Gone away
    • 2.6.10
    • None
    • Security, Tools
    • None
    • Windows
    • Windows

    Description

      The mongodump & mongorestore tools do not completely support kerberos auth. For example, when running with the following syntax which omits the password field:

      .\mongodump -u "user@DOMAIN.LOCAL" --authenticationDatabase '$external' --authenticationMechanism GSSAPI
      

      This fails with the following error:

      assertion: 17 SASL(-1): generic failure: SSPI: InitializeSecurityContext: The logon attempt failed
      

      If the same command is run with the -p password parameter, the tools auths successfully.

      This indicates that the underlying kerberos configuration is functional, but the tools is unable to leverage the existing kerberos ticket for auth purposes.

      Attachments

        Issue Links

          Activity

            People

              backlog-server-platform DO NOT USE - Backlog - Platform Team
              luke.prochazka@mongodb.com Luke Prochazka
              Votes:
              1 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: