The mongodump & mongorestore tools do not completely support kerberos auth. For example, when running with the following syntax which omits the password field:
.\mongodump -u "user@DOMAIN.LOCAL" --authenticationDatabase '$external' --authenticationMechanism GSSAPI
This fails with the following error:
assertion: 17 SASL(-1): generic failure: SSPI: InitializeSecurityContext: The logon attempt failed
If the same command is run with the -p password parameter, the tools auths successfully.
This indicates that the underlying kerberos configuration is functional, but the tools is unable to leverage the existing kerberos ticket for auth purposes.
- is related to
-
TOOLS-889 Enabling kerberos auth options crashes mongodump, mongorestore and mongoimport in v3.0, v3.2
- Closed
- related to
-
TOOLS-1278 Backport to v3.0
- Closed
-
TOOLS-889 Enabling kerberos auth options crashes mongodump, mongorestore and mongoimport in v3.0, v3.2
- Closed