[CDRIVER-2522] Option to specify GSSAPI hostname Created: 02/Mar/18 Updated: 19/Mar/18 Resolved: 19/Mar/18 |
|
| Status: | Closed |
| Project: | C Driver |
| Component/s: | libmongoc |
| Affects Version/s: | 1.7.0 |
| Fix Version/s: | None |
| Type: | New Feature | Priority: | Major - P3 |
| Reporter: | winnie_quest | Assignee: | A. Jesse Jiryu Davis |
| Resolution: | Won't Fix | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
mongo-cxx-driver-r3.1.3 |
||
| Issue Links: |
|
||||||||
| Description |
|
I see this description in mongoDB officail mannual: so I run the mongo shell: and it works. but when I try to wrote program with mongo c driver(V 1.7.0), I found there's no parameter corresponding to "gssapiHostName". so my problem is: }; |
| Comments |
| Comment by A. Jesse Jiryu Davis [ 19/Mar/18 ] | |
|
| |
| Comment by winnie_quest [ 09/Mar/18 ] | |
|
thanks Jesse. | |
| Comment by A. Jesse Jiryu Davis [ 08/Mar/18 ] | |
|
Waiting for Product Management to consider this feature request for all drivers. | |
| Comment by A. Jesse Jiryu Davis [ 08/Mar/18 ] | |
|
Hi Winnie, please accept my apologies for not realizing this earlier. You're correct, CANONICALIZE_HOST_NAME requires Cyrus SASL, and you're correct that compiling with Cyrus SASL on Windows is difficult. We should implement the feature for Windows's default Kerberos provider, SSPI, so that CANONICALIZE_HOST_NAME is available for you on Windows easily. I've opened | |
| Comment by winnie_quest [ 08/Mar/18 ] | |
|
ok, thanks, got it. | |
| Comment by A. Jesse Jiryu Davis [ 08/Mar/18 ] | |
|
Hi Winnie. Drivers do not implement the mongo shell's "--gssapiHostName" option. In order to authenticate with Kerberos using a driver, you have two options: 1. Use the same hostname in the URI as the GSSAPI hostname. mongodb://username@1.2.3.4/?authMechanism=GSSAPI&authMechanismProperties=CANONICALIZE_HOST_NAME:true | |
| Comment by winnie_quest [ 08/Mar/18 ] | |
|
any update? | |
| Comment by winnie_quest [ 05/Mar/18 ] | |
|
another question is: If so, for the case "If you are connecting to a system whose hostname does not match the Kerberos name", the hostname is not the same as Kerberos name ,I still have the question: where to specify kerberos name? | |
| Comment by winnie_quest [ 05/Mar/18 ] | |
|
hi, my program is working on windows 7 as a connector which connects to MONGODB server using mongo cxx driver,my mongodb server is on ubuntu. currently, in my test environment, my hostname and Kerberos name are the same. with mongo shell on ubuntu, all three cases works: so I think as long as the gssapiHostName is specified, user should be able to connect to mongodb server with both ip and FQDN. according to your suggestion, I tried "authMechanismProperties=CANONICALIZE_HOST_NAME:true" , but it doesn't work, I can't connect to the server with this parameter. now my question is, is it possible for the user to connect to the server using both IP and FQDN with mongo cxx driver(WINDOWS)? | |
| Comment by A. Jesse Jiryu Davis [ 02/Mar/18 ] | |
|
Does "CANONICALIZE_HOST_NAME" meet your need?: http://mongoc.org/libmongoc/current/authentication.html#gssapi-kerberos-authentication If you connect like:
... then the driver will attempt to reverse-lookup the IP address. What OS are you using? |