Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-20387

Broken kerberos implementation in mongodump & mongorestore

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: 2.6.10
    • Component/s: Security, Tools
    • None
    • Environment:
      Windows
    • Windows

      The mongodump & mongorestore tools do not completely support kerberos auth. For example, when running with the following syntax which omits the password field:

      .\mongodump -u "user@DOMAIN.LOCAL" --authenticationDatabase '$external' --authenticationMechanism GSSAPI
      

      This fails with the following error:

      assertion: 17 SASL(-1): generic failure: SSPI: InitializeSecurityContext: The logon attempt failed
      

      If the same command is run with the -p password parameter, the tools auths successfully.

      This indicates that the underlying kerberos configuration is functional, but the tools is unable to leverage the existing kerberos ticket for auth purposes.

            Assignee:
            backlog-server-platform DO NOT USE - Backlog - Platform Team
            Reporter:
            luke.prochazka@mongodb.com Luke Prochazka
            Votes:
            1 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated:
              Resolved: