[SERVER-44396] Run the client half of the GSSAPI conversation in mongokerberos Created: 04/Nov/19  Updated: 29/Oct/23  Resolved: 22/Jan/20

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: 4.3.3

Type: Task Priority: Major - P3
Reporter: Spencer Jackson Assignee: Adam Cooper (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on SERVER-44108 Check rdns setting in kerberos client... Closed
Backwards Compatibility: Fully Compatible
Sprint: Security 2019-11-18, Security 2019-12-02, Security 2019-12-16, Security 2019-12-30, Security 2019-01-13, Security 2019-01-27
Participants:

 Description   

Acquiring a client principal, and acquiring a service ticket for the target service can be performed by the client, without sending messages across the non-existent wire. Performing these checks in mongokerberos will let us ensure that the client's keys can be used to obtain service tickets.

Relevant RFCs:



 Comments   
Comment by Githook User [ 22/Jan/20 ]

Author:

{'username': 'super-cooper', 'name': 'Adam Cooper', 'email': 'adam.cooper@mongodb.com'}

Message: SERVER-44396 Run the client half of the GSSAPI conversation in mongokerberos
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/eb42a2b7901934f6059990d52aaa9ab67c135e89

Generated at Thu Feb 08 05:05:52 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.