[JAVA-1019] Ability to support multiple Kerberos keytab files Created: 15/Oct/13 Updated: 02/Oct/16 Resolved: 02/Oct/16 |
|
| Status: | Closed |
| Project: | Java Driver |
| Component/s: | Authentication |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | New Feature | Priority: | Major - P3 |
| Reporter: | Andre de Frere | Assignee: | Unassigned |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||
| Description |
|
There are applications that have the desire to become multiple identities during runtime and are looking to be able to either log into different or the same cluster with multiple keytabs that each have different user principals. Currently in order to get the driver to work with Kerberos you must kinit, which only supports a single principal |
| Comments |
| Comment by Jeffrey Yemin [ 02/Oct/16 ] |
|
Duplicates |
| Comment by Jeffrey Yemin [ 02/Oct/16 ] |
|
You can do this now by specifying a Subject as a mechanism property. See http://mongodb.github.io/mongo-java-driver/3.3/driver/reference/connecting/authenticating/#gssapi for details. |
| Comment by Jeffrey Yemin [ 07/Mar/14 ] |
|
I think this can be done if you use JAAS. |
| Comment by Jeffrey Yemin [ 24/Jan/14 ] |
|
You don't have to kinit. You can use a keytab, specified in the login configuration. Just not sure if you can have more than one. |