How is it that we know that Kerberos is being used as the authentication service?
//…
security:
ldap:
servers: ‘ldap.mongodb.university’
authz:
queryTemplate: ‘{USER}?memberOf?base’
transportSecurity: ‘tls’
bind:
method: ‘simple’
userToDNMapping: ‘[{match: “(.+)”, substitution: “uid={0},ou=Users,dc=mongodb,dc=com”}]’
authenticationMechanisms: ‘GSSAPI’
//…
Hi Adam_64515,
authenticationMechanisms: GSSAPI
https://docs.mongodb.com/manual/reference/parameters/#param.authenticationMechanisms
Why use key value "GSSAPI" to indicate Kerberos authentication mechanism for MongoDB …
My best guess is that GSSAPI and Kerberos “seem to be” synonymous. They’re not really, GSSAPI is a standard/API and Kerberos is a mechanism for GSSAPI.
This from the internet
GSSAPI (Generic Security Service Application Programming Interface) is a function interface that provides security services for applications in a mechanism-independent way. This allows different security mechanisms to be used via one standardized API. GSSAPI is often linked with Kerberos that is the most common mechanism of GSSAPI. For the Kerberos authentication to work through GSSAPI the client and server must already be configured to be able to use Kerberos (i.e. be able to gain tickets).
Hope this helps,
David
Ah, thank you very much.