-
Type: New Feature
-
Resolution: Unresolved
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: Security
-
None
-
Server Security
While handling incoming authentication attempts with the GSSAPI SASL mechanism, MongoDB uses a combination of its service name, 'mongodb' by default, and the local hostname to form a principal name. The components of the principal name are structured by GSSAPI when it imports the name. MongoDB searches its keytab for an entry with this principal name and uses it to handle incoming authentication attempts.
Currently, mechanisms are in place which allow a user to override each of these components individually. One might desire the ability to explicitly request a principal name directly through a single configuration variable with none of the structure imposed by GSSAPI. This would enable a user to ask MongoDB to load keytab entries with arbitrary names.