Details
-
New Feature
-
Resolution: Gone away
-
Minor - P4
-
None
-
None
-
None
-
Service Arch
Description
I noticed, while investigating CDRIVER-2522, that the mongo shell and the MongoDB drivers have different ways to handle the situation where a server's hostname differs from the hostname the client should use for Kerberos authentication.
Drivers support CANONICALIZE_HOST_NAME, whose behavior is described in the Auth Spec. It is configured in the URI like:
mongodb://user@host/?authMechanism=GSSAPI&authMechanismProperties=CANONICALIZE_HOST_NAME:true
|
The shell is different; it permits users to set the GSSAPI hostname directly:
mongo <options> --gssapiHostname foo
|
There's a comment in mongo_uri_connect.cpp, "CANONICALIZE_HOST_NAME is currently unsupported".
I propose adding to the MongoDB client code the ability to recognize the CANONICALIZE_HOST_NAME option in the URI and canonicalize hostnames, following the Auth Spec. I have code in the C Driver that implements it for Windows and Unix.
Attachments
Issue Links
- is related to
-
CDRIVER-2522 Option to specify GSSAPI hostname
-
- Closed
-