[SERVER-22471] Allow Kerberos Principal Name Override Created: 04/Feb/16 Updated: 06/Dec/22 |
|
| Status: | Open |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | features we're not sure of |
| Type: | New Feature | Priority: | Major - P3 |
| Reporter: | Danny Hatcher (Inactive) | Assignee: | Backlog - Security Team |
| Resolution: | Unresolved | Votes: | 1 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Assigned Teams: |
Server Security
|
||||
| Participants: | |||||
| Description |
|
While handling incoming authentication attempts with the GSSAPI SASL mechanism, MongoDB uses a combination of its service name, 'mongodb' by default, and the local hostname to form a principal name. The components of the principal name are structured by GSSAPI when it imports the name. MongoDB searches its keytab for an entry with this principal name and uses it to handle incoming authentication attempts. Currently, mechanisms are in place which allow a user to override each of these components individually. One might desire the ability to explicitly request a principal name directly through a single configuration variable with none of the structure imposed by GSSAPI. This would enable a user to ask MongoDB to load keytab entries with arbitrary names. |
| Comments |
| Comment by Bereket Aloto [ 27/May/16 ] |
|
Hi Team, can you give us a status on this one and ETA? Thanks |
| Comment by Bereket Aloto [ 12/Apr/16 ] |
|
Team, whats the ETA for this one? Thanks |