GSSAPI authentication hostname override issue in Java

I am setting up an environment with a MongoDB and Envoy combination. Our current MongoDB is configured with Kerberos authentication. After configuring MongoDB with Envoy, I was able to connect using the MongoDB client by passing the gssapiHostName option.

Is there any way to pass this option from the MongoDB Java driver?

Hi @Surendra_K,

There is no way to configure gssapiHostName on the client side using the Java driver. However, the server does allow configuration of saslHostName in the event that there is a discrepancy between the learned hostname and the attached principal of the mongod. It serves the same purpose as gssapiHostName, but solved from the server side.

Regards,
Jeff

1 Like

Hi @Jeffery_Yemin,

Thanks for the reply. I looked at the GSSAPIAuthenticator code and the issue is with the getHostName method. Currently, the getHostName method simply returns the hostname from ServerAddress. If ServerAddress had the ability to capture gssapiHostname and use that value as the hostname when available, that could solve the issue. After making this change in the GSSAPIAuthenticator class, it worked for me, but I am not really sure about side effects.

Thanks,
Surendra

1 Like

I don’t think it will be a simple change. Consider that a MongoClient can be configured to connect to a replica set, and if so it attempts to discover all of its members. The driver would need to be configured with a different gssapiHostname for each discovered member.

If you’re not able to determine a path forward without a change to the driver, I suggest you contact MongoDB support via support.mongodb.com (I’m assuming you have a support contract since GSSAPI authentication is an Enterprise-only feature).

Regards,
Jeff Yemin

1 Like
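
The per-member mapping discussed in this thread, as an added example that is not the Java driver's code or anything posted by the participants: it builds the GSSAPI host-based target name for each address a client connects to and applies a per-host override only where one is defined. The class, the `targetHost` helper, the override map and all hostnames are hypothetical; `mongodb` is MongoDB's default Kerberos service name.

```java
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import java.util.List;
import java.util.Map;

public class GssapiTargetNames {
    // Default Kerberos service name for MongoDB principals (mongodb/<host>@REALM).
    static final String SERVICE_NAME = "mongodb";

    // Hypothetical helper: pick the host part of the service principal.
    // Without an override, the address the client connects to is used as-is,
    // which is the behaviour described for getHostName in the thread.
    static String targetHost(String connectHost, Map<String, String> overrides) {
        return overrides.getOrDefault(connectHost, connectHost);
    }

    // Build the host-based service name (service@host) that is handed to GSSAPI.
    static GSSName targetName(String host) throws GSSException {
        return GSSManager.getInstance()
                .createName(SERVICE_NAME + "@" + host, GSSName.NT_HOSTBASED_SERVICE);
    }

    public static void main(String[] args) throws GSSException {
        // Constructed sample data: a proxy address plus two discovered members.
        List<String> connectHosts = List.of(
                "envoy.example.internal",
                "mongo-1.example.internal",
                "mongo-2.example.internal");

        // One override per address whose name differs from the mongod principal.
        // A single global override would map every member to the same principal.
        Map<String, String> overrides =
                Map.of("envoy.example.internal", "mongo-0.example.internal");

        for (String host : connectHosts) {
            System.out.printf("%-26s -> %s%n",
                    host, targetName(targetHost(host, overrides)));
        }
    }
}
```

The output lists one target name per connect address; only the proxy address resolves to a principal host different from the address itself.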