<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Wed Feb 07 21:38:32 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>
    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[CSHARP-1052] Connecting to MongoDb via C# Driver with Kerberos Auth and a Keytab</title>
                <link>https://jira.mongodb.org/browse/CSHARP-1052</link>
                <project id="10041" key="CSHARP">C# Driver</project>
                    <description>&lt;p&gt;Hi,&lt;/p&gt;

&lt;p&gt;I am having trouble connecting to MongoDB using Kerberos authentication.&lt;/p&gt;

&lt;p&gt;I have created a keytab and added it to the keytabs folder.&lt;/p&gt;

&lt;p&gt;My installation of MongoDB is located at: &lt;br/&gt;
/opt/mongodb/&lt;/p&gt;


&lt;p&gt;I can generate a token from the Kerberos server using kinit and specifying the keytab located at: /opt/mongodb/keytab, this successfully generates a keytab for the FID: ost_linux_mongo/vm-1b98-f53f.nam.nsroot.net&lt;/p&gt;

&lt;p&gt;kinit -k -t ost_linux_mongo.keytab ost_linux_mongo/vm-1b98-f53f.nam.nsroot.net&lt;/p&gt;


&lt;p&gt;Through the shell, I can then log in to the database using the following command:&lt;/p&gt;

&lt;p&gt;./bin/mongo --authenticationMechanism=GSSAPI --authenticationDatabase=\$external -u ost_linux_mongo/vm-1b98-f53f.nam.nsroot.net@NAMUXDEV.DYN.NSROOT.NET vm-1b98-f53f:32017/admin --ssl&lt;/p&gt;


&lt;p&gt;The login works without issues. &lt;/p&gt;

&lt;p&gt;However, the issue is that when I attempt the same via the Windows machine using the following config:&lt;/p&gt;



&lt;p&gt;var credential = MongoCredential.CreateGssapiCredential(&quot;ost_linux_mongo/vm-1b98-f53f.nam.nsroot.net@NAMUXDEV.DYN.NSROOT.NET&quot;,&quot;pass&quot;);&lt;/p&gt;

&lt;p&gt;var settings = new MongoClientSettings&lt;br/&gt;
{&lt;br/&gt;
    Credentials = new[] { credential },&lt;br/&gt;
    Server = new MongoServerAddress(&quot;vm-1b98-f53f.nam.nsroot.net&quot;, 32017),&lt;br/&gt;
    UseSsl = true,&lt;br/&gt;
    VerifySslCertificate = false,&lt;br/&gt;
};&lt;/p&gt;

&lt;p&gt;client = new MongoClient(settings);&lt;br/&gt;
server = client.GetServer();&lt;br/&gt;
return server.GetDatabase(&quot;admin&quot;);&lt;/p&gt;





&lt;p&gt;Initialization method DataStatsTest.MongoDbCrudTest.SetUp threw exception. MongoDB.Driver.MongoConnectionException: MongoDB.Driver.MongoConnectionException: Unable to connect to server vm-1b98-f53f.nam.nsroot.net:32017: Unable to initialize security context. Ensure the username and password are correct.. ---&amp;gt; MongoDB.Driver.Communication.Security.MongoSecurityException: Unable to initialize security context. Ensure the username and password are correct. ---&amp;gt; MongoDB.Driver.Communication.Security.Mechanisms.Sspi.Win32Exception: No authority could be contacted for authentication. The domain name of the authenticating party could be wrong, the domain could be unreachable, or there might have been a trust relationship failure..&lt;/p&gt;</description>
                <environment>MongoDB service is running on a Red Hat Enterprise Linux box in our internal cloud.&lt;br/&gt;
&lt;br/&gt;
I am trying to connect to it using Kerberos, from a Windows machine.&lt;br/&gt;
</environment>
        <key id="155043">CSHARP-1052</key>
            <summary>Connecting to MongoDb via C# Driver with Kerberos Auth and a Keytab</summary>
                <type id="3" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14718&amp;avatarType=issuetype">Task</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="-1">Unassigned</assignee>
                                    <reporter username="schana">Sukh Chana</reporter>
                        <labels>
                            <label>question</label>
                    </labels>
                <created>Wed, 27 Aug 2014 09:19:09 +0000</created>
                <updated>Fri, 5 Apr 2019 13:58:47 +0000</updated>
                            <resolved>Sat, 4 Apr 2015 22:48:31 +0000</resolved>
                                    <version>2.0</version>
                                                    <component>Security</component>
                                        <votes>0</votes>
                                    <watches>1</watches>
                                                                                                                <comments>
                            <comment id="705432" author="craiggwilson" created="Wed, 27 Aug 2014 12:14:57 +0000"  >&lt;p&gt;Hi Sukh,&lt;/p&gt;

&lt;p&gt;On Windows, the .NET driver uses SSPI to handle Kerberos negotiations. As such, there is no keytab on Windows, but rather a username and password. It appears as though you have specified everything correctly via code, but chances are your Windows machine hasn&apos;t been set up.&lt;/p&gt;

&lt;p&gt;1. Are you running Active Directory or a Linux-based KDC?&lt;br/&gt;
2. If you are running Active Directory, is your machine domain joined to NAMUXDEV.DYN.NSROOT.NET?&lt;/p&gt;

&lt;p&gt;Craig&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
    </item>
</channel>
</rss>