[DRIVERS-465] Update algorithm for Kerberos hostname canonicalization Created: 14/Mar/18  Updated: 02/Mar/21

Status: Implementing
Project: Drivers
Component/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: A. Jesse Jiryu Davis Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on NODE-1370 Update algorithm for Kerberos hostnam... Closed
depends on GODRIVER-283 Update algorithm for Kerberos hostnam... Backlog
depends on CSHARP-2216 Update algorithm for Kerberos hostnam... Backlog
depends on CDRIVER-2551 Update algorithm for Kerberos hostnam... Closed
depends on CXX-1529 Update algorithm for Kerberos hostnam... Closed
depends on JAVA-2812 Update algorithm for Kerberos hostnam... Closed
depends on MOTOR-208 Update algorithm for Kerberos hostnam... Closed
depends on PHPC-1139 Update algorithm for Kerberos hostnam... Closed
depends on PYTHON-1505 Update algorithm for Kerberos hostnam... Closed
depends on RUBY-1316 Update algorithm for Kerberos hostnam... Closed
Related
Case:
Driver Compliance:
Key Status/Resolution FixVersion
NODE-1370 Fixed
SCALA-387 Done
PYTHON-1505 Duplicate
CSHARP-2216 Backlog
PERL-874 Won't Fix
RUBY-1316 Fixed 2.7.0.rc0
JAVA-2812 Works as Designed
CXX-1529 Fixed 3.3.0-rc0
PHPC-1139 Fixed 1.5.0
MOTOR-208 Fixed 2.0
GODRIVER-283 Backlog
CDRIVER-2551 Works as Designed

 Description   

See spec change here. To test, get ldaptest.10gen.cc's IP address. Assuming that $AUTH_HOST has been set to "ldaptest.10gen.cc" via Evergreen project configuration:

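# Resolve $AUTH_HOST to an IP address with whatever resolver tool the platform has.
case "$OS" in
   cygwin*)
      IP_ADDR=$(getent hosts "$AUTH_HOST" | head -n 1 | awk '{print $1}')
      ;;

   darwin)
      # macOS has no getent; take the last line of dig's short output.
      IP_ADDR=$(dig "$AUTH_HOST" +short | tail -n 1)
      ;;

   *)
      IP_ADDR=$(getent hosts "$AUTH_HOST" | head -n 1 | awk '{print $1}')
      ;;
esac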

Then ensure you can authenticate to ldaptest even with the IP address instead of the hostname in the URI. In the libmongoc Evergreen script, the URI is formatted like:

"mongodb://${AUTH_GSSAPI}@${IP_ADDR}/?authMechanism=GSSAPI&authMechanismProperties=CANONICALIZE_HOST_NAME:true"

Ensure you can do a "ping" command or something else that proves you authenticated.


Generated at Thu Feb 08 08:21:36 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.