[SERVER-8325] Let administrator override sasl service name and host name used by server for GSSAPI authentication. Created: 24/Jan/13  Updated: 21/Feb/13  Resolved: 14/Feb/13

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Andy Schwerin Assignee: Unassigned
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
duplicates SERVER-8479 Let system administrator specify the ... Closed
Related
Backwards Compatibility: Minor Change
Participants:

 Description   

The administrator of a system should be able to specify a service principal other than the one formed by combining "mongodb" and the FQDN of the host name running the mongo service, as returned by getHostNameCached(). Implementing this feature would facilitate running mongo clusters in environments where servers and clients may disagree about each others' FQDN.

Mongod should start the following two setParameters at startup:

*saslServiceName – reported name of the service for authentication purposes, defaults to mongodb
*saslHostName – reported host name for authentication purposes, defaults to getHostNameCached().

Then, either isMaster should return those parameters, or (better?) the getParameter command should enable even unauthenticated users to fetch those two parameter values.



 Comments   
Comment by Craig Wilson [ 26/Jan/13 ]

isMaster would be better. All drivers are already using that to keep up-to-date on the state of the servers.

Why would we want to allow enterprises to change the saslServiceName? I know some have asked, but I don't know the reasoning.

Generated at Thu Feb 08 03:17:08 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.