Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-8325

Let administrator override sasl service name and host name used by server for GSSAPI authentication.

XMLWordPrintableJSON

    • Type: Icon: Improvement Improvement
    • Resolution: Duplicate
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: Security
    • Labels:
      None
    • Minor Change

      The administrator of a system should be able to specify a service principal other than the one formed by combining "mongodb" and the FQDN of the host name running the mongo service, as returned by getHostNameCached(). Implementing this feature would facilitate running mongo clusters in environments where servers and clients may disagree about each others' FQDN.

      Mongod should start the following two setParameters at startup:

      *saslServiceName – reported name of the service for authentication purposes, defaults to mongodb
      *saslHostName – reported host name for authentication purposes, defaults to getHostNameCached().

      Then, either isMaster should return those parameters, or (better?) the getParameter command should enable even unauthenticated users to fetch those two parameter values.

            Assignee:
            Unassigned Unassigned
            Reporter:
            schwerin@mongodb.com Andy Schwerin
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: