<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Wed Feb 07 21:15:29 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[CDRIVER-2522] Option to specify GSSAPI hostname</title>
                <link>https://jira.mongodb.org/browse/CDRIVER-2522</link>
                <project id="10030" key="CDRIVER">C Driver</project>
                    <description>&lt;p&gt;I see this description in &lt;a href=&quot;https://docs.mongodb.com/manual/tutorial/control-access-to-mongodb-with-kerberos-authentication&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;mongoDB officail mannual&lt;/a&gt;:&lt;br/&gt;
&quot;If you are connecting to a system whose hostname *does not match *the Kerberos name, use --gssapiHostName to specify the Kerberos FQDN that it responds to.&quot;&lt;/p&gt;

&lt;p&gt;so I run the mongo shell:&lt;br/&gt;
administrator@mon:~$ mongo --host 10.154.10.100 --authenticationMechanism=GSSAPI --authenticationDatabase=&apos;$external&apos; --username user1@KER.COM &lt;font color=&quot;red&quot;&gt; --gssapiHostName mon.ker.com&lt;/font&gt;&lt;/p&gt;

&lt;p&gt;and it works.&lt;/p&gt;

&lt;p&gt;but when I try to wrote program with mongo c driver(V 1.7.0), I found there&apos;s no parameter corresponding to &quot;gssapiHostName&quot;.&lt;/p&gt;

&lt;p&gt;so my problem is: &lt;br/&gt;
how could I specify the &quot;gssapiHostName&quot; in the following connection string?&lt;br/&gt;
auto client = mongocxx::client{ mongocxx::uri&lt;/p&gt;
{ &quot;mongodb://user1%40KER.COM:123@10.154.10.100/?authMechanism=GSSAPI&quot; }
&lt;p&gt; }; &lt;/p&gt;
</description>
                <environment>mongo-cxx-driver-r3.1.3&lt;br/&gt;
mongo-c-driver-1.7.0</environment>
        <key id="504565">CDRIVER-2522</key>
            <summary>Option to specify GSSAPI hostname</summary>
                <type id="2" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14711&amp;avatarType=issuetype">New Feature</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="2">Won&apos;t Fix</resolution>
                                        <assignee username="jesse@mongodb.com">A. Jesse Jiryu Davis</assignee>
                                    <reporter username="winnie_quest">winnie_quest</reporter>
                        <labels>
                    </labels>
                <created>Fri, 2 Mar 2018 09:05:30 +0000</created>
                <updated>Mon, 19 Mar 2018 18:35:05 +0000</updated>
                            <resolved>Mon, 19 Mar 2018 18:24:49 +0000</resolved>
                                    <version>1.7.0</version>
                                                    <component>libmongoc</component>
                                        <votes>0</votes>
                                    <watches>3</watches>
                                                                                                                <comments>
                            <comment id="1838644" author="jesse" created="Mon, 19 Mar 2018 18:24:43 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-2537&quot; title=&quot;GSSAPI / Kerberos hostname canonicalization on Windows&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-2537&quot;&gt;&lt;del&gt;CDRIVER-2537&lt;/del&gt;&lt;/a&gt; is now complete: CANONICALIZE_HOST_NAME will work on Windows once C Driver 1.10 is released. However, we are &lt;b&gt;not&lt;/b&gt; going to do the feature described in this ticket: we will not provide an equivalent to the MongoDB shell&apos;s &quot;--gssapiHostName&quot; option. Our Product Management team has decided this is not a valuable feature for drivers right now.&lt;/p&gt;</comment>
                            <comment id="1828278" author="winnie_quest" created="Fri, 9 Mar 2018 01:13:41 +0000"  >&lt;p&gt;thanks Jesse. &lt;/p&gt;</comment>
                            <comment id="1827786" author="jesse" created="Thu, 8 Mar 2018 19:38:58 +0000"  >&lt;p&gt;Waiting for Product Management to consider this feature request for all drivers.&lt;/p&gt;</comment>
                            <comment id="1827152" author="jesse" created="Thu, 8 Mar 2018 13:30:53 +0000"  >&lt;p&gt;Hi Winnie, please accept my apologies for not realizing this earlier. You&apos;re correct, CANONICALIZE_HOST_NAME requires Cyrus SASL, and you&apos;re correct that compiling with Cyrus SASL on Windows is difficult. We should implement the feature for Windows&apos;s default Kerberos provider, SSPI, so that CANONICALIZE_HOST_NAME is available for you on Windows easily. I&apos;ve opened &lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-2537&quot; title=&quot;GSSAPI / Kerberos hostname canonicalization on Windows&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-2537&quot;&gt;&lt;del&gt;CDRIVER-2537&lt;/del&gt;&lt;/a&gt; to track the new feature.&lt;/p&gt;</comment>
                            <comment id="1826899" author="winnie_quest" created="Thu, 8 Mar 2018 02:37:17 +0000"  >&lt;p&gt;ok, thanks, got it.&lt;br/&gt;
and if I want to use &quot;CANONICALIZE_HOST_NAME&quot;, I must compile with &quot;-DENABLE_SASL=CYRUS&quot;, correct?&lt;br/&gt;
it seems it&apos;s not easy for windows to do so. &lt;/p&gt;</comment>
                            <comment id="1826891" author="jesse" created="Thu, 8 Mar 2018 02:30:58 +0000"  >&lt;p&gt;Hi Winnie. Drivers do not implement the mongo shell&apos;s &quot;--gssapiHostName&quot; option. In order to authenticate with Kerberos using a driver, you have two options:&lt;/p&gt;

&lt;p&gt;1. Use the same hostname in the URI as the GSSAPI hostname.&lt;br/&gt;
2. The result of a reverse DNS lookup of the hostname in the URI must equal the GSSAPI hostname, and you must specify hostname canonicalization in the URI, like this:&lt;/p&gt;

&lt;p&gt;mongodb://username@1.2.3.4/?authMechanism=GSSAPI&amp;amp;authMechanismProperties=CANONICALIZE_HOST_NAME:true&lt;/p&gt;</comment>
                            <comment id="1826888" author="winnie_quest" created="Thu, 8 Mar 2018 02:23:52 +0000"  >&lt;p&gt;any update?&lt;/p&gt;</comment>
                            <comment id="1822772" author="winnie_quest" created="Mon, 5 Mar 2018 06:36:45 +0000"  >&lt;p&gt;another question is:&lt;br/&gt;
CANONICALIZE_HOST_NAME is to reverse-lookup the IP address, and find the corresponding host name, am I correct?&lt;/p&gt;

&lt;p&gt;If so,  for the case &quot;If you are connecting to a system whose hostname &lt;b&gt;does not match&lt;/b&gt; the Kerberos name&quot;,  the hostname is not the same as Kerberos name ,I still have the question: where to specify kerberos name&#65311;&lt;/p&gt;
</comment>
                            <comment id="1822722" author="winnie_quest" created="Mon, 5 Mar 2018 03:16:01 +0000"  >&lt;p&gt;hi, my program is working on &lt;b&gt;windows&lt;/b&gt; 7 as a connector which connects to MONGODB server using mongo cxx driver,my mongodb server is on ubuntu.&lt;br/&gt;
mongo c driver(windows) is compiled with :&lt;br/&gt;
cmake -G &quot;Visual Studio 14 2015 Win64&quot; &quot;-DENABLE_SSL=OPENSSL&quot; &lt;font color=&quot;red&quot;&gt;&quot;-DENABLE_SASL=SSPI&quot;&lt;/font&gt; &quot;-DCMAKE_INSTALL_PREFIX=C:\mongo-c-driver&quot; &quot;-DCMAKE_PREFIX_PATH=C:\mongo-c-driver&quot; &quot;-DCMAKE_BUILD_TYPE=Release&quot;&lt;/p&gt;

&lt;p&gt;currently, in my test environment, &lt;b&gt;my hostname and Kerberos name are the same&lt;/b&gt;. &lt;/p&gt;

&lt;p&gt;with mongo shell on ubuntu, all  three  cases works:&lt;br/&gt;
use FQDN: mongo --&lt;font color=&quot;red&quot;&gt;host&lt;/font&gt; mon.ker.com  --authenticationMechanism=GSSAPI --authenticationDatabase=&apos;$external&apos; --username user1@KER.COM&lt;br/&gt;
use ip: mongo --&lt;font color=&quot;red&quot;&gt;host&lt;/font&gt; &lt;font color=&quot;red&quot;&gt;10.154.10.100&lt;/font&gt;  --authenticationMechanism=GSSAPI --authenticationDatabase=&apos;$external&apos; --username user1@KER.COM --&lt;font color=&quot;red&quot;&gt;gssapiHostName&lt;/font&gt; mon.ker.com&lt;br/&gt;
use FQDN:mongo --&lt;font color=&quot;red&quot;&gt;host &lt;/font&gt;&lt;font color=&quot;red&quot;&gt;mon.ker.com&lt;/font&gt;  --authenticationMechanism=GSSAPI --authenticationDatabase=&apos;$external&apos; --username user1@KER.COM --&lt;font color=&quot;red&quot;&gt;gssapiHostName &lt;/font&gt;mon.ker.com&lt;/p&gt;

&lt;p&gt;so I think as long as the gssapiHostName is specified, user should be able to connect to mongodb server with both ip and FQDN.&lt;/p&gt;

&lt;p&gt;according to your suggestion, I tried &quot;authMechanismProperties=CANONICALIZE_HOST_NAME:true&quot; , but it doesn&apos;t work, I can&apos;t connect to the server with this parameter.&lt;/p&gt;

&lt;p&gt;now my question is, is it possible for the user to connect to the server using both IP and FQDN with mongo cxx driver(WINDOWS)?&lt;/p&gt;</comment>
                            <comment id="1821375" author="jesse" created="Fri, 2 Mar 2018 17:14:27 +0000"  >&lt;p&gt;Does &quot;CANONICALIZE_HOST_NAME&quot; meet your need?:&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;http://mongoc.org/libmongoc/current/authentication.html#gssapi-kerberos-authentication&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://mongoc.org/libmongoc/current/authentication.html#gssapi-kerberos-authentication&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;If you connect like:&lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;mongodb://user1%40KER.COM:123@10.154.10.100/?authMechanism=GSSAPI&amp;amp;authMechanismProperties=CANONICALIZE_HOST_NAME:true&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;
&lt;p&gt;... then the driver will attempt to reverse-lookup the IP address.&lt;/p&gt;

&lt;p&gt;What OS are you using?&lt;/p&gt;
</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="513521">SERVER-33981</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|htiwnz:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>