Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-20387

Broken kerberos implementation in mongodump & mongorestore

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Gone away
    • Affects Version/s: 2.6.10
    • Fix Version/s: None
    • Component/s: Security, Tools
    • Labels:
      None
    • Environment:
      Windows
    • Operating System:
      Windows

      Description

      The mongodump & mongorestore tools do not completely support kerberos auth. For example, when running with the following syntax which omits the password field:

      .\mongodump -u "user@DOMAIN.LOCAL" --authenticationDatabase '$external' --authenticationMechanism GSSAPI
      

      This fails with the following error:

      assertion: 17 SASL(-1): generic failure: SSPI: InitializeSecurityContext: The logon attempt failed
      

      If the same command is run with the -p password parameter, the tools auths successfully.

      This indicates that the underlying kerberos configuration is functional, but the tools is unable to leverage the existing kerberos ticket for auth purposes.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              backlog-server-platform DO NOT USE - Backlog - Platform Team
              Reporter:
              luke.prochazka Luke Prochazka
              Participants:
              Votes:
              1 Vote for this issue
              Watchers:
              10 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: