I added a user in the KDC server: addprinc user1@a@KER.COM
Note: user1@a is the username (I use the \ character as the escape character), and KER.COM is the realm name.
Then I added the user in the MongoDB server:
db.getSiblingDB("$external").createUser( { user : "user1@a@KER.COM", roles: [ { role: "userAdminAnyDatabase", db: "admin" }, { role: "readWrite", db: "quest_stage" } ] } )
through mongodb shell, I can connect with the following cmd successfully:
mongo --host mon.ker.com --authenticationMechanism=GSSAPI --authenticationDatabase='$external' --username "user1@a@KER.COM"
but with mongo c driver in my program:
auto client = mongocxx::client{ mongocxx::uri{ "mongodb://user1%5C%40a%40KER.COM:123@mon.ker.com/?authMechanism=GSSAPI&authMechanismProperties=SERVICE_NAME:mongodb" } }; //ensure to use FQDN instead of IP ADDRESS
or
auto client = mongocxx::client{ mongocxx::uri{ "mongodb://user1%5C%5C%40a%40KER.COM:123@mon.ker.com/?authMechanism=GSSAPI&authMechanismProperties=SERVICE_NAME:mongodb" } }; //ensure to use FQDN instead of IP ADDRESS
can't connect, and get error in log:
[info@mongocxx] libmongoc logging callback enabled
[error@mongoc] SSPI: InitializeSecurityContext: The specified target is unknown or unreachable
[debug@cluster] Authentication failed: Received invalid SSPI data.
Related to: SERVER-33993 (kerberos) failed to connect if the principle name has '@' character (Closed)
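As an added illustration (not code from the reporter or from the MongoDB drivers), the following decodes the username part of the two URIs in the report and splits the result at the unquoted '@', which makes the difference between the `%5C%40` and `%5C%5C%40` forms visible. The function names are hypothetical, and the rule of exactly one unquoted '@' with backslash quoting is a simplified model of Kerberos principal parsing, not the driver's or SSPI's actual code path.

```cpp
#include <cctype>
#include <iostream>
#include <optional>
#include <string>
#include <utility>

// Percent-decode a URI component (RFC 3986); nullopt on a malformed escape.
std::optional<std::string> pct_decode(const std::string& in) {
    std::string out;
    for (std::size_t i = 0; i < in.size(); ++i) {
        if (in[i] != '%') { out += in[i]; continue; }
        if (i + 2 >= in.size() || !std::isxdigit((unsigned char)in[i + 1]) ||
            !std::isxdigit((unsigned char)in[i + 2])) return std::nullopt;
        out += static_cast<char>(std::stoi(in.substr(i + 1, 2), nullptr, 16));
        i += 2;
    }
    return out;
}

// Percent-encode for the userinfo part: keep only RFC 3986 unreserved characters.
std::string pct_encode(const std::string& in) {
    static const char* hex = "0123456789ABCDEF";
    std::string out;
    for (unsigned char c : in) {
        if (std::isalnum(c) || c == '-' || c == '.' || c == '_' || c == '~') out += c;
        else { out += '%'; out += hex[c >> 4]; out += hex[c & 15]; }
    }
    return out;
}

// Split "name@REALM", treating a backslash as quoting the next character.
// nullopt unless there is exactly one unquoted '@' and no trailing backslash.
std::optional<std::pair<std::string, std::string>> split_principal(const std::string& p) {
    std::string name, realm;
    bool in_realm = false;
    for (std::size_t i = 0; i < p.size(); ++i) {
        if (p[i] == '\\') {
            if (++i == p.size()) return std::nullopt;
            (in_realm ? realm : name) += p[i];
        } else if (p[i] == '@') {
            if (in_realm) return std::nullopt;  // second unquoted '@'
            in_realm = true;
        } else (in_realm ? realm : name) += p[i];
    }
    if (!in_realm) return std::nullopt;
    return std::make_pair(name, realm);
}

int main() {  // usernames taken from the two URIs in the report
    for (const char* u : {"user1%5C%40a%40KER.COM", "user1%5C%5C%40a%40KER.COM"})
        std::cout << u << " -> " << pct_decode(u).value_or("<malformed>") << "\n";
}
```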