- Type: Task
- Resolution: Fixed
- Priority: Major - P3
- Affects Version/s: None
- Component/s: None
- Labels: None
- Fully Compatible
- Security 2019-10-21, Security 2019-11-04, Security 2019-11-18, Security 2019-12-02
Check the keytab exists if it is a file-based keytab or warn the user if it is not - https://web.mit.edu/kerberos/krb5-latest/doc/appdev/refs/api/krb5_kt_have_content.html
Iterate through all entries
https://web.mit.edu/kerberos/krb5-latest/doc/appdev/refs/api/krb5_kt_client_default.html
https://web.mit.edu/kerberos/krb5-latest/doc/appdev/refs/api/krb5_kt_start_seq_get.html
Server: Check for users with prefix mongodb and wrong DNS name
Client: Check that the user specified as the user name is the one listed in the keytab
Optional:
- Report the current active contexts with "klist -Al"
- If "KRB5_CONFIG" is defined, get the krb5.conf contents
- If "KRB5_TRACE" is defined, get the ktrace.log contents
- If "KRB5_KTNAME" is defined, get the keytab entries with "ktutil -k $KRB5_KTNAME list"
- If "KRB5_CLIENT_KTNAME" is defined, get the keytab entries with "ktutil -k $KRB5_CLIENT_KTNAME list"