[CDRIVER-2536] Cannot auth with MIT Kerberos if rdns=false is in krb5.conf Created: 07/Mar/18  Updated: 10/Feb/23

Status: Backlog
Project: C Driver
Component/s: auth
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Minor - P4
Reporter: A. Jesse Jiryu Davis Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Epic Link: CDRIVER-4575

 Description   

On Ubuntu with Cyrus SASL and MIT Kerberos, if I put the following in /etc/krb5.conf:

[libdefaults]
    rdns = false

... then the C Driver cannot authenticate to our Kerberos test server. This seems true whether I use the server's hostname or IP address in the URI, and whether I set CANONICALIZE_HOST_NAME to true or false. Is this expected, or is there a bug in _mongoc_sasl_get_canonicalized_name?



 Comments   
Comment by A. Jesse Jiryu Davis [ 08/Mar/18 ]

Once we know the answer we might need to update the comment above _mongoc_sasl_get_canonicalized_name:

Some underlying layers of krb might do this for us, but they can be disabled in krb.conf.

Generated at Wed Feb 07 21:15:31 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.