[SERVER-8202] mongod does not start with auth enabled and auth mechanism of GSSAPI Created: 16/Jan/13 Updated: 15/Feb/13 Resolved: 24/Jan/13 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Mark porter | Assignee: | Andy Schwerin |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
mongodb 2.3.2, RHEL 6.3 |
||
| Issue Links: |
|
||||
| Operating System: | ALL | ||||
| Participants: | |||||
| Description |
|
`mongod` currently not starting on RHEL 6.3 with "auth" enabled and using GSSAPI as the authentication mechanism.
|
| Comments |
| Comment by Mark porter [ 25/Jan/13 ] |
|
Andy...thx, that's what we suspected so that makes sense. |
| Comment by Andy Schwerin [ 24/Jan/13 ] |
|
Mark, this was a name resolution issue. For 2.4.0, the kerberos realm must be derivable from the domain to which the host running mongod/mongos believes it belongs. See |
| Comment by Andy Schwerin [ 17/Jan/13 ] |
|
I suspect this has to do with the automatic realm resolution performed by the gssapi library. If the hostname of the server were in the 10gen.me domain, I suspect this would work. It's more a kerberos behavior than a bug. Will attempt to verify before closing this ticket. |