[JAVA-1019] Ability to support multiple Kerberos keytab files Created: 15/Oct/13  Updated: 02/Oct/16  Resolved: 02/Oct/16

Status: Closed
Project: Java Driver
Component/s: Authentication
Affects Version/s: None
Fix Version/s: None

Type: New Feature Priority: Major - P3
Reporter: Andre de Frere Assignee: Unassigned
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
duplicates JAVA-2106 Improve configurability of GSSAPI aut... Closed
Related

 Description   

There are applications that have the desire to become multiple identities during runtime and are looking to be able to either log into different or the same cluster with multiple keytabs that each have different user principals. Currently in order to get the driver to work with Kerberos you must kinit, which only supports a single principal



 Comments   
Comment by Jeffrey Yemin [ 02/Oct/16 ]

Duplicates JAVA-2106

Comment by Jeffrey Yemin [ 02/Oct/16 ]

You can do this now by specifying a Subject as a mechanism property. See http://mongodb.github.io/mongo-java-driver/3.3/driver/reference/connecting/authenticating/#gssapi for details.

Comment by Jeffrey Yemin [ 07/Mar/14 ]

I think this can be done if you use JAAS.

Comment by Jeffrey Yemin [ 24/Jan/14 ]

You don't have to kinit. You can use a keytab, specified in the login configuration. Just not sure if you can have more than one.

Generated at Thu Feb 08 08:53:37 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.