[COMPASS-4272] Kerberos Authentication Issue Created: 04/May/20 Updated: 29/Oct/23 Resolved: 25/Sep/20 |
|
| Status: | Closed |
| Project: | Compass |
| Component/s: | Connectivity |
| Affects Version/s: | 1.16.0, 1.17.0, 1.18.0, 1.19.0, 1.20.0, 1.21.0 |
| Fix Version/s: | 1.23.0 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Aniq Pirzada | Assignee: | Unassigned |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Attachments: |
|
||||||||
| Issue Links: |
|
||||||||
| Documentation Changes: | Not Needed | ||||||||
| Sprint: | Iteration Dragon Fruit, Iteration Elderberry, Iteration Fig, Iteration Guanábana, Iteration Huckleberry, Iteration Icaco, Iteration Jackfruit, Iteration Lime, Iteration Maracuja | ||||||||
| Description |
|
All MongoDB Compass versions after 1.15.0 do not allow me to connect. I connect to the DB using the following fields: Hostname: <hostname> Port: <port> Authentication: Kerberos Principle: <userid>@<domain> Password: <password> Service Name: <service name> SSL: Server Validation
and I am presented with 'AcquireCredentialsHandle: The token supplied to the function is invalid'
This has been the issue on all versions after 1.16.0. The last working version is 1.15.0
|
| Comments |
| Comment by Maurizio Casimirri [ 10/Aug/20 ] | |||||||||||
|
pirzadaaniq@gmail.com we are currently working with the driver team to fix another bug with kerberos connectivity so we could use new driver version with kerberos and in the meanwhile we will debug this issue separately. If you could, having these informations would help us:
| |||||||||||
| Comment by Aniq Pirzada [ 28/Jul/20 ] | |||||||||||
|
I just tried the following on 1.20.0
and I get
I get the same if I provide a password too.
----------- On version 1.18.0 Same details as above i am getting
| |||||||||||
| Comment by Maurizio Casimirri [ 28/Jul/20 ] | |||||||||||
|
pirzadaaniq@gmail.com thanks for your reply! Any version later than 1.20.x unfortunately is affected by another issue with kerberos, so is not easy to isolate this bug and relate it to kerberos or TLS. We will try to reproduce it on 1.20 without the password, which is know to work with kerberos. | |||||||||||
| Comment by Aniq Pirzada [ 28/Jul/20 ] | |||||||||||
|
I cannot use Keberos authentication on any version after 1.15 Currently tried the following version: 1.21.2
and I am getting:
but the same details works perfectly fine on MongoCompass 1.15.0
| |||||||||||
| Comment by Maurizio Casimirri [ 28/Jul/20 ] | |||||||||||
|
> If I give no password on Keberos (only usename) I get: 'InitializeSecurityContext: The specified target is unkown or unreachable' pirzadaaniq@gmail.com The error: InitializeSecurityContext: The specified target is unkown or unreachable. Is a known issue (https://jira.mongodb.org/projects/HELP/queues/issue/COMPASS-4319) with >= 1.21, does it happen in 1.20 without the password? https://jira.mongodb.org/projects/HELP/queues/issue/COMPASS-4319 is currently being solved, if you can connect without the password in 1.20 then the fix for | |||||||||||
| Comment by Aniq Pirzada [ 11/May/20 ] | |||||||||||
|
If I change Authentication to 'None' I can connect and get the error: 'An error occurred while loading navigation: there are no users authenticated'
If I give no password on Keberos (only usename) I get: 'InitializeSecurityContext: The specified target is unkown or unreachable' | |||||||||||
| Comment by Massimiliano Marcon [ 11/May/20 ] | |||||||||||
|
pirzadaaniq@gmail.com can you try without specifying a password? |