[SERVER-44781] Fix keytab service DNS check in mongokerberos Created: 22/Nov/19 Updated: 29/Oct/23 Resolved: 09/Dec/19 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 4.3.3 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Adam Cooper (Inactive) | Assignee: | Adam Cooper (Inactive) |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Backwards Compatibility: | Fully Compatible |
| Operating System: | ALL |
| Sprint: | Security 2019-12-16 |
| Participants: |
| Description |
|
mongokerberos' s keytab DNS check verifies the DNS name of service principals against the KDC host name instead of the service's host name. We want to verify that the host name in service keytab entries resolves to the same host name as the provided service. |
| Comments |
| Comment by Githook User [ 09/Dec/19 ] |
|
Author: {'name': 'Adam Cooper', 'username': 'super-cooper', 'email': 'adam.cooper@mongodb.com'}Message: |