[DOCS-9000] Kerberos Authentication on Windows from mongo client only works with FQDN Created: 28/Sep/16  Updated: 13/Nov/23  Resolved: 15/Jun/18

Status: Closed
Project: Documentation
Component/s: Server
Affects Version/s: None
Fix Version/s: 3.2.0-rc0, Server_Docs_20231030, Server_Docs_20231106, Server_Docs_20231105, Server_Docs_20231113

Type: Task Priority: Minor - P4
Reporter: Emily Hall Assignee: Anthony Sansone (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Documented
documents SERVER-13885 Kerberos Authentication on Windows fr... Closed
Participants:
Days since reply: 5 years, 34 weeks, 6 days ago

 Description   

When authenticating from a Windows 7 2.6.1 enterprise client to a MongoDB 2.4.9 enterprise instance using Kerberos, the connection will only succeed if the FQDN is used in the URL instead of the short host name. Clients on Linux seem unaffected by this problem.

Example 1 - Using FQDN in the URL and everything works;

C:\Apps\MongoDB\2.6.1\bin>mongo host10601.intranet.mydomain.com:27118/admin -
authenticationDatabase='$external' -authenticationMechanism=GSSAPI -username mclennad@INTRANET.MYDOMAIN.COM
MongoDB shell version: 2.6.1
connecting to: host10601.intranet.mydomain.com:27118/admin
>

Example 2 - Using short name and get a GSSAPI error;

C:\Apps\MongoDB\2.6.1\bin>mongo host10601:27118/admin -authenticationDatabase=
'$external' -authenticationMechanism=GSSAPI -username mclennad@INTRANET.MYDOMAIN.COM
MongoDB shell version: 2.6.1
connecting to: host10601:27118/admin
2014-05-08T18:00:31.602-0400 Error: 17 SASL(-1): generic failure: SSPI: InitializeSecurityContext: The specified target is unknown or unreachable
at src/mongo/shell/db.js:1210
exception: login failed

Example 3 - DNS lookup of short name showing that FQDN is available;
C:\Apps\MongoDB\2.6.1\bin>nslookup host10601
Server: host013.mydomain.com
Address: 10.X.X.X

Non-authoritative answer:
Name: host10601.intranet.mydomain.com
Address: 10.Y.Y.Y



 Comments   
Comment by Anthony Sansone (Inactive) [ 15/Jun/18 ]

This issue is noted for version 3.6. Both MongoDB 2.4 and 2.6 are at end of life.

Generated at Thu Feb 08 07:57:23 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.