[CSHARP-1052] Connecting to MongoDb via C# Driver with Kerberos Auth and a Keytab
Created: 27/Aug/14 Updated: 05/Apr/19 Resolved: 04/Apr/15 |
|
| Status: | Closed |
| Project: | C# Driver |
| Component/s: | Security |
| Affects Version/s: | 2.0 |
| Fix Version/s: | None |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Sukh Chana | Assignee: | Unassigned |
| Resolution: | Done | Votes: | 0 |
| Labels: | question | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
MongoDb service is running on a Red Hat Enterprise Linux box in our internal cloud. I am trying to connect to it using Kerberos, from a Windows machine. |
||
| Description |
|
Hi,

I am having trouble connecting to MongoDb using Kerberos authentication. I have created a keytab and added it to the keytabs folder.

My installation of MongoDb is located at:

I can generate a token from the Kerberos server using kinit and specifying the keytab located at: /opt/mongodb/keytab, this successfully generates a keytab for the FID: ost_linux_mongo/vm-1b98-f53f.nam.nsroot.net

    kinit -k -t ost_linux_mongo.keytab ost_linux_mongo/vm-1b98-f53f.nam.nsroot.net

Through the shell, I can then log in to the database using the following command:

    ./bin/mongo --authenticationMechanism=GSSAPI --authenticationDatabase=\$external -u ost_linux_mongo/vm-1b98-f53f.nam.nsroot.net@NAMUXDEV.DYN.NSROOT.NET vm-1b98-f53f:32017/admin --ssl

The login works without issues. However, the issue is that when I attempt the same via the Windows machine using the following config:

    var credential = MongoCredential.CreateGssapiCredential("ost_linux_mongo/vm-1b98-f53f.nam.nsroot.net@NAMUXDEV.DYN.NSROOT.NET","pass");
    var settings = new MongoClientSettings , UseSsl = true,
    client = new MongoClient(settings);

    Initialization method DataStatsTest.MongoDbCrudTest.SetUp threw exception. MongoDB.Driver.MongoConnectionException: MongoDB.Driver.MongoConnectionException: Unable to connect to server vm-1b98-f53f.nam.nsroot.net:32017: Unable to initialize security context. Ensure the username and password are correct..
    ---> MongoDB.Driver.Communication.Security.MongoSecurityException: Unable to initialize security context. Ensure the username and password are correct.
    ---> MongoDB.Driver.Communication.Security.Mechanisms.Sspi.Win32Exception: No authority could be contacted for authentication. The domain name of the authenticating party could be wrong, the domain could be unreachable, or there might have been a trust relationship failure.. |
| Comments |
| Comment by Craig Wilson [ 27/Aug/14 ] |
|
Hi Sukh,

On Windows, the .NET driver uses SSPI to handle Kerberos negotiations. As such, there is no keytab on Windows, but rather a username and password. It appears as though you have specified everything correctly via code, but chances are your Windows machine hasn't been set up.

1. Are you running Active Directory or a Linux-based KDC?

Craig |
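
The SSPI error quoted in the description says the authenticating domain could be unreachable. The following check is an added example (not part of the ticket or of the driver) for confirming, from the Windows client, whether a KDC for the realm in the principal can be found and reached. It assumes Windows 8 / Server 2012 or later for `Resolve-DnsName` and `Test-NetConnection`; the function names are hypothetical.

```powershell
# Added example: can this Windows client find and reach a Kerberos KDC
# for the realm used in the GSSAPI principal? Realm value is from the ticket.
$Realm = 'NAMUXDEV.DYN.NSROOT.NET'

function Get-KdcCandidate {
    param([Parameter(Mandatory)][string]$Realm)
    # AD domains publish their KDCs as _kerberos._tcp SRV records; a non-AD
    # realm may instead be mapped locally with ksetup (dumped further down).
    $records = Resolve-DnsName -Name "_kerberos._tcp.$Realm" -Type SRV `
                   -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'SRV' }
    foreach ($r in $records) {
        [pscustomobject]@{ Host = $r.NameTarget; Port = $r.Port; Priority = $r.Priority }
    }
}

function Test-KdcReachable {
    param([Parameter(Mandatory)][string]$Realm)
    $kdcs = @(Get-KdcCandidate -Realm $Realm)
    if ($kdcs.Count -eq 0) {
        Write-Warning "No _kerberos._tcp SRV records found for $Realm"
        return $false
    }
    $anyReachable = $false
    foreach ($kdc in $kdcs | Sort-Object Priority) {
        # TCP probe only; Kerberos also runs over UDP, which this does not test.
        $ok = Test-NetConnection -ComputerName $kdc.Host -Port $kdc.Port `
                  -InformationLevel Quiet -WarningAction SilentlyContinue
        Write-Host ("{0}:{1} reachable={2}" -f $kdc.Host, $kdc.Port, $ok)
        if ($ok) { $anyReachable = $true }
    }
    return $anyReachable
}

if (-not (Test-KdcReachable -Realm $Realm)) {
    Write-Warning "No reachable KDC for $Realm from this machine"
}

# Realm-to-KDC mappings configured locally on this machine, if any.
ksetup /dumpstate

# Kerberos tickets currently held by the logged-on user.
klist
```

A `False` result combined with no mapping for the realm in the `ksetup /dumpstate` output means the client has no route to a KDC for the realm, independent of the credentials passed to the driver.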