[SERVER-8325] Let administrator override sasl service name and host name used by server for GSSAPI authentication. Created: 24/Jan/13 Updated: 21/Feb/13 Resolved: 14/Feb/13 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Andy Schwerin | Assignee: | Unassigned |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: | |
| Backwards Compatibility: | Minor Change |
| Participants: | |
| Description |
|
The administrator of a system should be able to specify a service principal other than the one formed by combining "mongodb" and the FQDN of the host name running the mongo service, as returned by getHostNameCached(). Implementing this feature would facilitate running mongo clusters in environments where servers and clients may disagree about each other's FQDN.

Mongod should start the following two setParameters at startup:

* saslServiceName – reported name of the service for authentication purposes, defaults to mongodb

Then, either isMaster should return those parameters, or (better?) the getParameter command should enable even unauthenticated users to fetch those two parameter values. |
| Comments |
| Comment by Craig Wilson [ 26/Jan/13 ] |
|
isMaster would be better. All drivers are already using that to keep up-to-date on the state of the servers. Why would we want to allow enterprises to change the saslServiceName? I know some have asked, but I don't know the reasoning. |