- Type: Bug
- Resolution: Works as Designed
- Priority: Major - P3
- None
- Affects Version/s: None
- Component/s: Authentication
- None
I am having trouble getting the Go driver to pay attention to the KRB5CCNAME environment variable for the location of the user's ticket cache:
tim@vbox-ubuntu14:/media/sf_shared/mms-automation/go_planner/src/com.tengen/cm$ KRB5CCNAME=/tmp/myticketcache kinit -kt atmtesting/assets/user.keytab ldapz_kerberos2@LDAPTEST.10GEN.CC
tim@vbox-ubuntu14:/media/sf_shared/mms-automation/go_planner/src/com.tengen/cm$ KRB5CCNAME=/tmp/myticketcache klist
Ticket cache: FILE:/tmp/myticketcache
Default principal: ldapz_kerberos2@LDAPTEST.10GEN.CC

Valid starting       Expires              Service principal
02/08/2019 16:04:36  02/09/2019 16:04:35  krbtgt/LDAPTEST.10GEN.CC@LDAPTEST.10GEN.CC
tim@vbox-ubuntu14:/media/sf_shared/mms-automation/go_planner/src/com.tengen/cm$ KRB5CCNAME=/tmp/myticketcache KRB5_TRACE=/dev/stdout go run -tags gssapi ~/tst/krb_go_driver.go
[18753] 1549659900.817085: Convert service mockservice (service with host as instance) on host localhost to principal
[18753] 1549659900.817903: Remote host after forward canonicalization: localhost
[18753] 1549659900.818481: Remote host after reverse DNS processing: localhost
[18753] 1549659900.818840: Got service principal mockservice/localhost@
[18753] 1549659900.819391: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
[18753] 1549659900.820009: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
[18753] 1549659900.820728: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
[18753] 1549659900.821306: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
[18753] 1549659900.821874: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
[18753] 1549659900.822325: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
[18753] 1549659900.822814: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
[18753] 1549659900.823263: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
[18753] 1549659900.877300: Convert service mockservice (service with host as instance) on host localhost to principal
[18753] 1549659900.877816: Remote host after forward canonicalization: localhost
[18753] 1549659900.878113: Remote host after reverse DNS processing: localhost
[18753] 1549659900.878198: Got service principal mockservice/localhost@
[18753] 1549659900.878726: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
[18753] 1549659900.879268: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
[18753] 1549659900.879893: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
[18753] 1549659900.880539: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
[18753] 1549659900.881150: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
[18753] 1549659900.881731: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
[18753] 1549659900.882152: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
[18753] 1549659900.882648: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
panic: auth error: unable to authenticate using mechanism "GSSAPI": unable to negotiate with server: Success(589824,100001)

goroutine 1 [running]:
main.main()
	/home/tim/tst/krb_go_driver.go:39 +0x706
exit status 2
tim@vbox-ubuntu14:/media/sf_shared/mms-automation/go_planner/src/com.tengen/cm$
The Go driver is looking in /etc/krb5/user/1000/client.keytab instead of /tmp/myticketcache.
Attaching krb_go_driver.go and the mongod.conf for MongoDB.
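One way to triage a KRB5_TRACE log like the one in this report, as an added example that is not part of the ticket or the driver: it tallies which credential stores the trace shows being consulted, how many lookups failed, and whether the KRB5CCNAME path appears at all. `Summary`, `Summarize` and `sampleTrace` are names made up here; the sample lines are excerpted from the trace above.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Summary: what a KRB5_TRACE log shows about credential lookups.
type Summary struct {
	Lookups   map[string]int // store (e.g. FILE:/path) -> lookups seen
	Failures  map[string]int // store -> lookups with a non-zero result code
	Services  []string       // distinct service principals resolved
	CacheSeen bool           // true if the expected ccache path appears anywhere
}

var retrieveRe = regexp.MustCompile(`Retrieving \S+ from (\S+) \(vno \d+, enctype \d+\) with result: (-?\d+)/`)
var serviceRe = regexp.MustCompile(`Got service principal (\S+)`)

// Summarize scans trace text; ccache is the path given in KRB5CCNAME.
func Summarize(trace, ccache string) Summary {
	s := Summary{Lookups: map[string]int{}, Failures: map[string]int{}}
	seen := map[string]bool{}
	for _, line := range strings.Split(trace, "\n") {
		if m := retrieveRe.FindStringSubmatch(line); m != nil {
			s.Lookups[m[1]]++
			if m[2] != "0" { // result code 0 means the lookup succeeded
				s.Failures[m[1]]++
			}
		}
		if m := serviceRe.FindStringSubmatch(line); m != nil && !seen[m[1]] {
			seen[m[1]] = true
			s.Services = append(s.Services, m[1])
		}
		if ccache != "" && strings.Contains(line, ccache) {
			s.CacheSeen = true
		}
	}
	return s
}

// sampleTrace: three lines excerpted from the trace in the report above.
const sampleTrace = `[18753] 1549659900.818840: Got service principal mockservice/localhost@
[18753] 1549659900.819391: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found
[18753] 1549659900.820009: Retrieving ldapz_kerberos2@LDAPTEST.10GEN.CC from FILE:/etc/krb5/user/1000/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/etc/krb5/user/1000/client.keytab' not found`

func main() {
	fmt.Printf("%+v\n", Summarize(sampleTrace, "/tmp/myticketcache"))
}
```

On the excerpt it reports two lookups against the client keytab, both failing with result 2, one service principal with an empty realm, and no line mentioning /tmp/myticketcache.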
- is related to: GODRIVER-831 GSSAPI Authentication starts SASL conversation wrong (Closed)