In the LDAP Authorization Configuration Options quiz section of Chapter 1

How is it that we know that Kerberos is being used as the authentication service?

//…
security:
ldap:
servers: ‘ldap.mongodb.university’
authz:
queryTemplate: ‘{USER}?memberOf?base’
transportSecurity: ‘tls’
bind:
method: ‘simple’
userToDNMapping: ‘[{match: “(.+)”, substitution: “uid={0},ou=Users,dc=mongodb,dc=com”}]’
authenticationMechanisms: ‘GSSAPI’
//…

Hi Adam_64515,

authenticationMechanisms: GSSAPI

https://docs.mongodb.com/manual/reference/parameters/#param.authenticationMechanisms

Why use key value "GSSAPI" to indicate Kerberos authentication mechanism for MongoDB …

My best guess is that GSSAPI and Kerberos “seem to be” synonymous. They’re not really, GSSAPI is a standard/API and Kerberos is a mechanism for GSSAPI.

This from the internet

GSSAPI (Generic Security Service Application Programming Interface) is a function interface that provides security services for applications in a mechanism-independent way. This allows different security mechanisms to be used via one standardized API. GSSAPI is often linked with Kerberos that is the most common mechanism of GSSAPI. For the Kerberos authentication to work through GSSAPI the client and server must already be configured to be able to use Kerberos (i.e. be able to gain tickets).

Hope this helps,
David

1 Like

Ah, thank you very much.