  1. Core Server
  2. SERVER-8641

Allow client to learn the service principal name for authentication purposes from the ismaster command


Details

    • Improvement
    • Resolution: Done
    • Major - P3
    • None
    • None
    • Security
    • None

    Description

      This is a follow-on to SERVER-8479.

      If the server reports both the SASL service name and host name via ismaster, and drivers are altered to use the result of ismaster when doing GSSAPI authentication, then GSSAPI could be used for authentication in environments without complete DNS setups.

      Drivers would need a hook to let the client application decide if it was willing to authenticate to the principal reported by ismaster. However, since security-conscious consumers will already be validating the server's SSL certificate, they should already trust the server by the time they're using ismaster to find out its GSSAPI identity.

          People

            Unassigned
            schwerin@mongodb.com Andy Schwerin
            Votes: 0
            Watchers: 4

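
One way a driver could expose the hook described in the description, as an added example that is not MongoDB driver code. The ismaster field names `saslServiceName` and `saslHostName`, the `PrincipalPolicy` type and the sample hostnames are assumptions, since the ticket names none of them.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical reply field names; the ticket does not say what ismaster would call them.
SERVICE_FIELD = "saslServiceName"
HOST_FIELD = "saslHostName"


@dataclass(frozen=True)
class PrincipalPolicy:
    """Application-supplied rules for principals learned from ismaster."""
    allowed_services: frozenset
    allowed_domains: tuple          # host must equal or be a subdomain of one
    require_verified_tls: bool = True


def choose_gssapi_target(reply: dict, tls_verified: bool,
                         policy: PrincipalPolicy) -> Optional[str]:
    """Return the GSSAPI host-based name 'service@host', or None to refuse."""
    # The reported identity is only as trustworthy as the channel it arrived on.
    if policy.require_verified_tls and not tls_verified:
        return None
    service, host = reply.get(SERVICE_FIELD), reply.get(HOST_FIELD)
    if not isinstance(service, str) or not isinstance(host, str):
        return None
    host = host.rstrip(".").lower()
    # Reject empty values and characters that change how a principal is parsed.
    if not service or not host or any(c in service + host for c in "/@ \t\r\n"):
        return None
    if service not in policy.allowed_services:
        return None
    domains = [d.strip(".").lower() for d in policy.allowed_domains]
    # Match on a label boundary so "evildb.example.com" does not pass for "db.example.com".
    if not any(host == d or host.endswith("." + d) for d in domains):
        return None
    return f"{service}@{host}"


# Constructed sample data (not captured from a real server).
POLICY = PrincipalPolicy(frozenset({"mongodb"}), ("db.example.com",))
GOOD_REPLY = {"ismaster": True, SERVICE_FIELD: "mongodb", HOST_FIELD: "Node1.db.example.com"}

if __name__ == "__main__":
    print(choose_gssapi_target(GOOD_REPLY, True, POLICY))
```

A `None` result means the application declined the reported principal, so the driver should use its configured name or abort rather than request a ticket for the reported one.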