Uploaded image for project: 'Java Driver'
  1. Java Driver
  2. JAVA-1077

Offer option to canonicalize server name used for GSSAPI authentication

    • Type: Icon: New Feature New Feature
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 2.12.0, 3.0.0
    • Affects Version/s: None
    • Component/s: Authentication
    • None

      Section 4.1 of http://www.ietf.org/rfc/rfc2743.txt says:

      The "hostname" may ... be canonicalized by attempting a DNS lookup and using the fully-qualified domain name which is returned...

      Oracle's GSSAPI implementation is not canonicalizing (note that it's optional). Given that, the driver should be able to do the canonicalization on behalf of the application, as authentication can fail if the application provides the driver with a DNS alias to a mongos server.

      In scope of this ticket, we need to determine whether the canonicalization should always be done, or whether it should be opt-in.

            Assignee:
            jeff.yemin@mongodb.com Jeffrey Yemin
            Reporter:
            jeff.yemin@mongodb.com Jeffrey Yemin
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: