Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-22471

Allow Kerberos Principal Name Override

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Open
    • Priority: Major - P3
    • Resolution: Unresolved
    • Affects Version/s: None
    • Component/s: Security
    • Labels:
      None

      Description

      While handling incoming authentication attempts with the GSSAPI SASL mechanism, MongoDB uses a combination of its service name, 'mongodb' by default, and the local hostname to form a principal name. The components of the principal name are structured by GSSAPI when it imports the name. MongoDB searches its keytab for an entry with this principal name and uses it to handle incoming authentication attempts.

      Currently, mechanisms are in place which allow a user to override each of these components individually. One might desire the ability to explicitly request a principal name directly through a single configuration variable with none of the structure imposed by GSSAPI. This would enable a user to ask MongoDB to load keytab entries with arbitrary names.

        Attachments

          Activity

            People

            • Votes:
              1 Vote for this issue
              Watchers:
              16 Start watching this issue

              Dates

              • Created:
                Updated: