[JAVA-1077] Offer option to canonicalize server name used for GSSAPI authentication Created: 14/Jan/14 Updated: 03/Jan/18 Resolved: 24/Jan/14 |
|
| Status: | Closed |
| Project: | Java Driver |
| Component/s: | Authentication |
| Affects Version/s: | None |
| Fix Version/s: | 2.12.0, 3.0.0 |
| Type: | New Feature | Priority: | Major - P3 |
| Reporter: | Jeffrey Yemin | Assignee: | Jeffrey Yemin |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Case: | (copied to CRM) | ||||
| Description |
|
Section 4.1 of http://www.ietf.org/rfc/rfc2743.txt says:
Oracle's GSSAPI implementation is not canonicalizing (note that it's optional). Given that, the driver should be able to do the canonicalization on behalf of the application, as authentication can fail if the application provides the driver with a DNS alias to a mongos server. In scope of this ticket, we need to determine whether the canonicalization should always be done, or whether it should be opt-in. |
| Comments |
| Comment by Githook User [ 24/Jan/14 ] |
|
Author: {u'username': u'jyemin', u'name': u'Jeff Yemin', u'email': u'jeff.yemin@10gen.com'}Message: |
| Comment by Githook User [ 24/Jan/14 ] |
|
Author: {u'username': u'jyemin', u'name': u'Jeff Yemin', u'email': u'jeff.yemin@10gen.com'}Message: |
| Comment by Githook User [ 15/Jan/14 ] |
|
Author: {u'username': u'jyemin', u'name': u'Jeff Yemin', u'email': u'jeff.yemin@10gen.com'}Message: |