[DOCS-12514] Incorrect instructions and spelling for Kerberos Created: 26/Feb/19  Updated: 30/Oct/23  Resolved: 12/Nov/21

Status: Closed
Project: Documentation
Component/s: manual, Server
Affects Version/s: None
Fix Version/s: Server_Docs_20231030

Type: Bug Priority: Major - P3
Reporter: Brett Gray Assignee: Kenneth Dyer
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:
Days since reply: 2 years, 12 weeks, 5 days ago
Epic Link: DOCSP-1769
Story Points: 0.5

 Description   

Description

Our instructions within the Configure MongoDB with Kerberos Authentication on Linux we advise to use the following in the /etc/sysconfig/mongod file:

export KRB5_KTNAME="<path to keytab>"

This is incorrect as mongod fails to start with the following error:

[main] Fatal assertion 50743 UnknownError: gssapi could not acquire server credential for mongodb/mongod0.mongodb.local@MONGODB.LOCAL; Major code 851968; Unspecified GSS failure.  Minor code may provide more information; Minor code 2; Key table file '/etc/krb5.keytab' not found;  at src/mongo/db/modules/enterprise/src/sasl/cyrus_sasl_authentication_session.cpp 334

The correct line should resemble:

KRB5_KTNAME="<path to keytab>"

Further to this, there is a spelling error where we state KR5_KTNAME instead of KRB5_KTNAME.

Scope of changes

  • Investigate issue and confirm fix
  • Update and backport as necessary

Impact to Other Docs

MVP (Work and Date)

Resources (Scope or Design Docs, Invision, etc.)



 Comments   
Comment by Githook User [ 12/Nov/21 ]

Author:

{'name': 'Kenneth P. J. Dyer', 'email': '93145796+kennethdyer@users.noreply.github.com', 'username': 'kennethdyer'}

Message: DOCS-12514 incorrect instruction and spelling for Kerberos (#6138)
Branch: v4.0
https://github.com/mongodb/docs/commit/385ab6e957a05455ca047e61b51461434ff9b77e

Comment by Githook User [ 12/Nov/21 ]

Author:

{'name': 'Kenneth P. J. Dyer', 'email': '93145796+kennethdyer@users.noreply.github.com', 'username': 'kennethdyer'}

Message: DOCS-12514 incorrect instruction and spelling for Kerberos (#6137)
Branch: v4.2
https://github.com/mongodb/docs/commit/77ce263fef4287e3b6462f20806f8c6714ed68b0

Comment by Githook User [ 12/Nov/21 ]

Author:

{'name': 'Kenneth P. J. Dyer', 'email': '93145796+kennethdyer@users.noreply.github.com', 'username': 'kennethdyer'}

Message: DOCS-12514 incorrect instruction and spelling for Kerberos (#6136)
Branch: v4.4
https://github.com/mongodb/docs/commit/03fae727cc88b0843ca7d6d67907ee2a1f1d79eb

Comment by Githook User [ 12/Nov/21 ]

Author:

{'name': 'Kenneth P. J. Dyer', 'email': '93145796+kennethdyer@users.noreply.github.com', 'username': 'kennethdyer'}

Message: DOCS-12514 incorrect instruction and spelling for Kerberos (#6135)
Branch: v5.0
https://github.com/mongodb/docs/commit/06412c61e37aee7f46df29f51f331d621d98bf35

Comment by Githook User [ 10/Nov/21 ]

Author:

{'name': 'Kenneth P. J. Dyer', 'email': '93145796+kennethdyer@users.noreply.github.com', 'username': 'kennethdyer'}

Message: DOCS-12514 incorrect instruction and spelling for Kerberos (#6111)
Branch: master
https://github.com/mongodb/docs/commit/1874da8851847f1104f82f9c8f27788f3824cb7e

Comment by Brett Gray [ 15/Dec/19 ]

Thanks spencer.brown. My service file includes the following:

Environment="KRB5_KTNAME=/var/lib/mongodb/mongod.keytab"

(so I totally agree with what you are saying )

So I should change the suggested fix to include the Environment="..."

Comment by Spencer Brown [ 13/Dec/19 ]

systemd does not depend on bash or any shell to launch services
but there is an easy way to set environment variables for service executables
use Environment= or EnvironmentFile=
see https://coreos.com/os/docs/latest/using-environment-variables-in-systemd-units.html

Generated at Thu Feb 08 08:05:26 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.