[CSHARP-2474] GSSAPI Authentication failing on LINUX RHEL7 with .NET Core 2.1 Created: 08/Jan/19  Updated: 28/Oct/23  Resolved: 12/Feb/21

Status: Closed
Project: C# Driver
Component/s: Security
Affects Version/s: None
Fix Version/s: 2.12.0

Type: New Feature Priority: Major - P3
Reporter: ferdi rezvan Assignee: James Kovacs
Resolution: Fixed Votes: 5
Labels: rp-track
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Red Hat Enterprise Linux Server 7.4 (Maipo)

"MongoDB.Driver" Version="2.7.2"


Issue Links:
Related
Epic Link: CSHARP-2481
Case:

 Description   

I am currently running a c# .NET Core 2.1 application on OpenShift.

My application connects to Mongo on the Linux container, when using plain authentication.

When I try to GSSAPI with a keytab file I get the following error

Error: One or more errors occurred. (A timeout occured after 30000ms selecting a server using CompositeServerSelector{ Selectors = MongoDB.Driver.MongoClient+AreSessionsSupportedServerSelector, LatencyLimitingServerSelector

{ AllowedLatencyRange = 00:00:00.0150000 }

}. Client view of cluster state is { ClusterId : "2", ConnectionMode : "ReplicaSet", Type : "ReplicaSet", State : "Disconnected", Servers : [{ ServerId: "

{ ClusterId : 2, EndPoint : "Unspecified/-xxxxx:xxxx-" }

", EndPoint: "Unspecified/xxxxx:xxxx", State: "Disconnected", Type: "Unknown", HeartbeatException: "MongoDB.Driver.MongoConnectionException: An exception occurred while opening a connection to the server. ---> System.DllNotFoundException: Unable to load shared library 'security.dll' or one of its dependencies. In order to help diagnose loading problems, consider setting the LD_DEBUG environment variable: libsecurity.dll: cannot open shared object file: No such file or directory at MongoDB.Driver.Core.Authentication.Sspi.NativeMethods.AcquireCredentialsHandle(String principal, String package, SecurityCredentialUse credentialUsage, IntPtr logonId, IntPtr identity, Int32 keyCallback, IntPtr keyArgument, SspiHandle& credentialHandle, Int64& timestamp) at MongoDB.Driver.Core.Authentication.Sspi.SecurityCredential.Acquire(SspiPackage package, String username, SecureString password) at MongoDB.Driver.Core.Authentication.GssapiAuthenticator.FirstStep..ctor(String serviceName, String hostName, String realm, String username, SecureString password, SaslConversation conversation) at MongoDB.Driver.Core.Authentication.GssapiAuthenticator.GssapiMechanism.Initialize(IConnection connection, SaslConversation conversation, ConnectionDescription description) at MongoDB.Driver.Core.Authentication.SaslAuthenticator.AuthenticateAsync(IConnection connection, ConnectionDescription description, CancellationToken cancellationToken) at MongoDB.Driver.Core.Authentication.AuthenticationHelper.AuthenticateAsync(IConnection connection, ConnectionDescription description, CancellationToken cancellationToken) at MongoDB.Driver.Core.Connections.ConnectionInitializer.InitializeConnectionAsync(IConnection connection, CancellationToken cancellationToken) at MongoDB.Driver.Core.Connections.BinaryConnection.OpenHelperAsync(CancellationToken cancellationToken) — End of inner exception stack trace — at MongoDB.Driver.Core.Connections.BinaryConnection.OpenHelperAsync(CancellationToken cancellationToken) at MongoDB.Driver.Core.Servers.ServerMonitor.HeartbeatAsync(CancellationToken cancellationToken)" }, { ServerId: "

{ ClusterId : 2, EndPoint : "Unspecified/-xxxxx:xxxx-" }

", EndPoint: "Unspecified/xxxxx:xxxx", State: "Disconnected", Type: "Unknown", HeartbeatException: "MongoDB.Driver.MongoConnectionException: An exception occurred while opening a connection to the server. ---> System.DllNotFoundException: Unable to load shared library 'security.dll' or one of its dependencies. In order to help diagnose loading problems, consider setting the LD_DEBUG environment variable: libsecurity.dll: cannot open shared object file: No such file or directory at MongoDB.Driver.Core.Authentication.Sspi.NativeMethods.AcquireCredentialsHandle(String principal, String package, SecurityCredentialUse credentialUsage, IntPtr logonId, IntPtr identity, Int32 keyCallback, IntPtr keyArgument, SspiHandle& credentialHandle, Int64& timestamp) at MongoDB.Driver.Core.Authentication.Sspi.SecurityCredential.Acquire(SspiPackage package, String username, SecureString password) at MongoDB.Driver.Core.Authentication.GssapiAuthenticator.FirstStep..ctor(String serviceName, String hostName, String realm, String username, SecureString password, SaslConversation conversation) at MongoDB.Driver.Core.Authentication.GssapiAuthenticator.GssapiMechanism.Initialize(IConnection connection, SaslConversation conversation, ConnectionDescription description) at MongoDB.Driver.Core.Authentication.SaslAuthenticator.AuthenticateAsync(IConnection connection, ConnectionDescription description, CancellationToken cancellationToken) at MongoDB.Driver.Core.Authentication.AuthenticationHelper.AuthenticateAsync(IConnection connection, ConnectionDescription description, CancellationToken cancellationToken) at MongoDB.Driver.Core.Connections.ConnectionInitializer.InitializeConnectionAsync(IConnection connection, CancellationToken cancellationToken) at MongoDB.Driver.Core.Connections.BinaryConnection.OpenHelperAsync(CancellationToken cancellationToken) — End of inner exception stack trace — at MongoDB.Driver.Core.Connections.BinaryConnection.OpenHelperAsync(CancellationToken cancellationToken) at MongoDB.Driver.Core.Servers.ServerMonitor.HeartbeatAsync(CancellationToken cancellationToken)" }] }.)
 

Should the version running on Linux be looking for the security.dll?

 

I have following the instructions on the following page

 

https://mongodb-documentation.readthedocs.io/en/latest/ecosystem/tutorial/authenticate-with-csharp-driver.html#linux-systems



 Comments   
Comment by Githook User [ 12/Feb/21 ]

Author:

{'name': 'James Kovacs', 'email': 'jkovacs@post.harvard.edu', 'username': 'JamesKovacs'}

Message: CSHARP-2474/CSHARP-2481 Added documentation for Kerberos/GSSAPI on Linux.
Branch: master
https://github.com/mongodb/mongo-csharp-driver/commit/93cce5f31baad031e0ea3a101c27954a2c5b79d2

Comment by Githook User [ 12/Feb/21 ]

Author:

{'name': 'James Kovacs', 'email': 'jkovacs@post.harvard.edu', 'username': 'JamesKovacs'}

Message: CSHARP-2474 / CSHARP-2481: Implement libgssapi support for Kerberos auth on Linux.
Branch: master
https://github.com/mongodb/mongo-csharp-driver/commit/69618dd0a044a198f266f08c39a0b975a5ea6f27

Comment by Emilio Scalise [ 01/Jul/20 ]

Thanks for the update rachelle.palmer, can I mention this to the customer or is it better to wait for completion of this?

Comment by Rachelle Palmer [ 24/Jun/20 ]

As an update on this issue: Our engineering team is starting work on this project this quarter; will update further as we get closer to completion.

Comment by ferdi rezvan [ 08/Jan/19 ]

Just to add I also have 

 
yum install krb5-workstation krb5-libs krb5-auth-dialog -y 
yum install libgsasl -y 

Generated at Wed Feb 07 21:42:39 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.