[SERVER-11770] Sasl Service Name cannot be specified for the shell or tools

Created: 18/Nov/13
Updated: 25/Feb/19
Resolved: 28/Feb/14

Status: Closed
Project: Core Server
Component/s: Security, Tools
Affects Version/s: 2.5.4
Fix Version/s: 2.6.0-rc1

Type: New Feature
Priority: Major - P3
Reporter: Craig Wilson
Assignee: Andy Schwerin
Resolution: Done
Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Documented
is documented by DOCS-9012 Sasl Service Name cannot be specified... Closed
Related
is related to GODRIVER-698 Support for GSSAPI "ServiceHost" Closed
is related to SERVER-8479 Let system administrator specify the ... Closed

 Description   

The mongod and mongos service components allow changing the saslServiceName from the default of "mongodb". If this is done, then it is impossible for the mongo shell or any of the tools (mongodump, etc.) to authenticate with the server because the saslServiceName is not able to be specified in the client.



 Comments   
Comment by Githook User [ 28/Feb/14 ]

Author: Andy Schwerin (username: andy10gen, email: schwerin@10gen.com)

Message: SERVER-11770 Support setting the gssapiServiceName in mongo* tools.
Branch: master
https://github.com/mongodb/mongo/commit/f18e88ffafd615d515f3359ee73f719b1667e193

Comment by Githook User [ 28/Feb/14 ]

Author: Andy Schwerin (username: andy10gen, email: schwerin@10gen.com)

Message: SERVER-11770 Support changing the default gssapiServiceName from the shell command line.

This patch allows the user to specify an alternate gssapiServiceName (default is mongodb)
when authenticating using GSSAPI/Kerberos. It also allows the user to specify the host
name to use for authentication purposes, when this does not match the DNS host name.
Both of these functions were previously exposed only through the db.auth() method,
and not for command-line authentication.
Branch: master
https://github.com/mongodb/mongo/commit/944807590b5d7a6a5b7b53f02bd032faf9406507

Comment by Andy Schwerin [ 27/Feb/14 ]

Note that the shell already supports setting the service name on auth requests, just not for authentications on the command line. Just add the "serviceName" argument to the params object you pass to db.auth. For example,

db.getSiblingDB("$external").auth({ user: "user@REALM", mechanism: "GSSAPI", serviceName: "altmongodb"});
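
The mismatch in the description, and the two client settings the fix exposes (service name and host name), can be modeled as a comparison of Kerberos service principals in service/host form. This is an added example, not code from the MongoDB project; the field names connectHost and hostOverride and all sample host names are constructed, and the realm part of the principal is omitted.

```javascript
// Added example: field names and sample values are constructed for illustration.
const DEFAULT_SERVICE_NAME = "mongodb"; // default service name stated in the issue

// Kerberos service principal in service/host form (realm omitted here).
function formatSpn(p) {
  return `${p.service}/${p.host}`;
}

// Compare the principal the server accepts with the one the client requests
// and list every component (service, host) that differs.
function checkGssapiConfig(server, client) {
  const accepted = {
    service: server.saslServiceName || DEFAULT_SERVICE_NAME,
    host: server.hostName,
  };
  const requested = {
    service: client.serviceName || DEFAULT_SERVICE_NAME,
    // Without an override the client uses the host name it connected to.
    host: client.hostOverride || client.connectHost,
  };
  const mismatched = Object.keys(accepted).filter((k) => accepted[k] !== requested[k]);
  return {
    ok: mismatched.length === 0,
    serverSpn: formatSpn(accepted),
    clientSpn: formatSpn(requested),
    mismatched,
  };
}

// Constructed server: service name changed from the default, as in the description.
const SAMPLE_SERVER = { saslServiceName: "altmongodb", hostName: "db1.example.net" };

// Constructed clients: default name, explicit name, alias without and with a host override.
const SAMPLE_CLIENTS = {
  defaultName: { connectHost: "db1.example.net" },
  withServiceName: { serviceName: "altmongodb", connectHost: "db1.example.net" },
  viaAlias: { serviceName: "altmongodb", connectHost: "mongo.example.net" },
  viaAliasWithHost: {
    serviceName: "altmongodb",
    connectHost: "mongo.example.net",
    hostOverride: "db1.example.net",
  },
};

for (const [name, client] of Object.entries(SAMPLE_CLIENTS)) {
  const r = checkGssapiConfig(SAMPLE_SERVER, client);
  const verdict = r.ok ? "match" : "mismatch in " + r.mismatched.join(", ");
  console.log(`${name}: ${verdict} (client requests ${r.clientSpn})`);
}
```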

Generated at Thu Feb 08 03:26:43 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.