[SERVER-22471] Allow Kerberos Principal Name Override Created: 04/Feb/16  Updated: 06/Dec/22

Status: Open
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: features we're not sure of

Type: New Feature Priority: Major - P3
Reporter: Danny Hatcher (Inactive) Assignee: Backlog - Security Team
Resolution: Unresolved Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Assigned Teams:
Server Security
Participants:

 Description   

While handling incoming authentication attempts with the GSSAPI SASL mechanism, MongoDB uses a combination of its service name, 'mongodb' by default, and the local hostname to form a principal name. The components of the principal name are structured by GSSAPI when it imports the name. MongoDB searches its keytab for an entry with this principal name and uses it to handle incoming authentication attempts.

Currently, mechanisms are in place which allow a user to override each of these components individually. One might desire the ability to explicitly request a principal name directly through a single configuration variable with none of the structure imposed by GSSAPI. This would enable a user to ask MongoDB to load keytab entries with arbitrary names.



 Comments   
Comment by Bereket Aloto [ 27/May/16 ]

Hi Team, can you give us a status on this one and ETA?

Thanks
Bereket

Comment by Bereket Aloto [ 12/Apr/16 ]

Team, whats the ETA for this one?

Thanks
Bereket

Generated at Thu Feb 08 04:00:30 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.