[SERVER-8202] mongod does not start with auth enabled and auth mechanism of GSSAPI Created: 16/Jan/13  Updated: 15/Feb/13  Resolved: 24/Jan/13

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Mark porter Assignee: Andy Schwerin
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

mongodb 2.3.2, RHEL 6.3


Issue Links:
Depends
Operating System: ALL
Participants:

 Description   

`mongod` currently not starting on RHEL 6.3 with "auth" enabled and using GSSAPI as the authentication mechanism.

env KRB5_KTNAME=/etc/mongo_ec2-184-72-171-156.keytab /usr/local/bin/m232/bin/mongod --auth --setParameter authenticationMechanisms=GSSAPI --dbpath /data/db --logpath /var/tmp/mongod_auth.log --fork

Failed global initialization: BadValue Unsupported authenticationMechanism: "GSSAPI"



 Comments   
Comment by Mark porter [ 25/Jan/13 ]

Andy...thx, that's what we suspected so that makes sense.

Comment by Andy Schwerin [ 24/Jan/13 ]

Mark, this was a name resolution issue. For 2.4.0, the kerberos realm must be derivable from the domain to which the host running mongod/mongos believes it belongs. See SERVER-8325 for something that might make this easier to deal with, in the future.

Comment by Andy Schwerin [ 17/Jan/13 ]

I suspect this has to do with the automatic realm resolution performed by the gssapi library. If the hostname of the server were in the 10gen.me domain, I suspect this would work. It's more a kerberos behavior than a bug. Will attempt to verify before closing this ticket.

Generated at Thu Feb 08 03:16:49 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.