• Type: Task
    • Resolution: Fixed
    • Priority: Major - P3
    • 4.3.3
    • Affects Version/s: None
    • Component/s: None
    • Labels:
      None
    • Fully Compatible
    • Security 2019-10-21, Security 2019-11-04, Security 2019-11-18, Security 2019-12-02

      Check that the keytab exists if it is a file-based keytab, or warn the user if it is not - https://web.mit.edu/kerberos/krb5-latest/doc/appdev/refs/api/krb5_kt_have_content.html

      Iterate through all entries
      https://web.mit.edu/kerberos/krb5-latest/doc/appdev/refs/api/krb5_kt_client_default.html
      https://web.mit.edu/kerberos/krb5-latest/doc/appdev/refs/api/krb5_kt_start_seq_get.html
      Server: Check for users with prefix mongodb and wrong DNS name
      Client: Check that the user specified as the user name is the one listed in the keytab

      Optional:

      • Report the current active contexts with "klist -Al"
      • If "KRB5_CONFIG" is defined, get the krb5.conf contents
      • If "KRB5_TRACE" is defined, get the ktrace.log contents
      • If "KRB5_KTNAME" is defined, get the keytab entries with "ktutil -k $KRB5_KTNAME list"
      • If "KRB5_CLIENT_KTNAME" is defined, get the keytab entries with "ktutil -k $KRB5_CLIENT_KTNAME list"
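
The server and client checks listed above, sketched as an added shell example that works on keytab listing text; it is not code from this ticket or from MongoDB. The function names, the sample listing and the reading of "wrong DNS name" as "host part differs from the server's expected FQDN" are assumptions.

```shell
#!/bin/sh
# Added example. Checks run over keytab listing text read from stdin.
# Assumption: any whitespace-separated field of the form name@REALM is a
# principal, so header and separator lines in the listing are ignored.

# Constructed sample listing (path, hosts and realm are made up).
SAMPLE_LISTING='Keytab name: FILE:/etc/mongod.keytab
KVNO Principal
---- ----------------------------------------
   3 mongodb/db1.example.com@EXAMPLE.COM
   3 mongodb/db1@EXAMPLE.COM
   2 appuser@EXAMPLE.COM'

# Print each distinct principal found in the listing.
keytab_principals() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^[^@]+@[^@]+$/ && !seen[$i]++) print $i }'
}

# Server check: each mongodb/<host>@REALM entry must name the expected FQDN.
# Prints offenders; returns 1 on a mismatch, 2 if no mongodb/ entry exists.
check_server_principals() {
    expected=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    keytab_principals | awk -v want="$expected" '
        /^mongodb\// {
            found = 1
            host = $0
            sub(/^mongodb\//, "", host)
            sub(/@.*$/, "", host)
            if (tolower(host) != want) { print "wrong DNS name: " $0; bad = 1 }
        }
        END { if (!found) exit 2; exit (bad ? 1 : 0) }'
}

# Client check: the user name passed for authentication must be in the keytab.
check_client_principal() {
    keytab_principals | grep -Fqx -- "$1"
}

# Usage with a real listing, e.g.:
#   ktutil -k "$KRB5_KTNAME" list | check_server_principals "$(hostname -f)"
#   ktutil -k "$KRB5_CLIENT_KTNAME" list | check_client_principal "user@REALM"
```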

            Assignee:
            adam.cooper@mongodb.com Adam Cooper (Inactive)
            Reporter:
            mark.benvenuto@mongodb.com Mark Benvenuto
            Votes:
            0
            Watchers:
            2
