[DOCS-3318] Java driver does not canonicalize server name for Kerberos automatically Created: 01/May/14  Updated: 27/Jul/16  Resolved: 03/Apr/15

Status: Closed
Project: Documentation
Component/s: ecosystem
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Critical - P2
Reporter: Alexander Komyagin Assignee: Michael Paik
Resolution: Done Votes: 1
Labels: security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Participants:
Days since reply: 7 years, 29 weeks ago

 Description   

According to javadocs:

/*
      Creates a MongoCredential instance for the GSSAPI SASL mechanism.  To override the default service name of {@code "mongodb"},
     * add a mechanism property with the name {@code "SERVICE_NAME"}. To force canonicalization of the host name prior to authentication,
     * add a mechanism property with the name {@code "CANONICALIZE_HOST_NAME"} with the value{@code true}.
     
      @param userName the user name
     * @return the credential
     * @see #withMechanismProperty(String, Object)
     
      @mongodb.server.release 2.4
     */

We should outline this in docs, as it's a great source of confusion on the client side. If the Kerberos service principal is using canonicalized instance name, and Java driver uses IP, then without the CANONICALIZE_HOST_NAME property you will be getting "Server not found in Kerberos database (7) - UNKNOWN_SERVER" exception from GSS.



 Comments   
Comment by Emily Hall [ 27/Jul/16 ]

Closed for housekeeping on 7/27/2016 by Emily Hall.
If you require additional support, please open a new ticket for prioritization.
Thanks,
Emily

Comment by Githook User [ 03/Apr/15 ]

Author:

{u'username': u'mpaik', u'name': u'Michael Paik', u'email': u'michael.paik@10gen.com'}

Message: DOCS-3318

DOCS-3318 edits

DOCS-3318 edits - moot as this is going away.
Branch: master
https://github.com/mongodb/docs-ecosystem/commit/06ce620446708e7b64f81ff2360935024096f470

Comment by Githook User [ 03/Apr/15 ]

Author:

{u'username': u'mpaik', u'name': u'Michael Paik', u'email': u'michael.paik@10gen.com'}

Message: DOCS-3318

DOCS-3318 edits

DOCS-3318 edits - moot as this is going away.
Branch: master
https://github.com/mongodb/docs-ecosystem/commit/06ce620446708e7b64f81ff2360935024096f470

Comment by Githook User [ 03/Apr/15 ]

Author:

{u'username': u'mpaik', u'name': u'Michael Paik', u'email': u'michael.paik@10gen.com'}

Message: DOCS-3318

DOCS-3318 edits

DOCS-3318 edits - moot as this is going away.
Branch: master
https://github.com/mongodb/docs-ecosystem/commit/06ce620446708e7b64f81ff2360935024096f470

Comment by Jeffrey Yemin [ 01/May/14 ]

Editable here: https://github.com/mongodb/docs-ecosystem/blob/master/source/tutorial/authenticate-with-java-driver.txt

Comment by Alexander Komyagin [ 01/May/14 ]

I think this is the best place: http://docs.mongodb.org/ecosystem/tutorial/authenticate-with-java-driver/

Generated at Thu Feb 08 07:45:28 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.