Skip to content

DOCS-9897: authMechanismProperties for URI connection string #3505

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Dec 5, 2018
Merged

DOCS-9897: authMechanismProperties for URI connection string #3505

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
50 changes: 46 additions & 4 deletions source/reference/connection-string.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -612,17 +612,59 @@ Authentication Options
:doc:`/tutorial/configure-x509-client-authentication` for more
information on x509 authentication.

* - .. urioption:: authMechanismProperties

- Specify properties for the specified :urioption:`authMechanism`
as a comma-separated list of colon-separated key-value pairs.
For example:

.. code-block:: shell
:copyable: false

authMechanismProperties=SERVICE_NAME:mongodb,CANONICALIZE_HOST_NAME:true

The :option:`authmechanismProperties` option is only supported
when :urioption:`authMechanism` is
:ref:`GSSAPI <security-auth-kerberos>`. Possible values are:

``SERVICE_NAME:<string>``
Set the Kerberos service name when connecting to Kerberized
MongoDB instances. This value must match the service name set
on MongoDB instances to which you are connecting.

``SERVICE_NAME`` defaults to ``mongodb`` for all clients and
MongoDB instances. If you change the
:parameter:`saslServiceName` setting on a MongoDB instance, you
must set ``SERVICE_NAME`` to match that setting.

``CANONICALIZE_HOST_NAME:true|false``
Canonicalize the hostname of the client host machine when
connecting to the Kerberos server. This may be required when
hosts report different hostnames than what is in the Kerberos
database. Defaults to ``false``.

``SERVICE_REALM:<string>``
Set the Kerberos realm for the MongoDB service. This may be
necessary to support cross-realm authentication where the user
exists in one realm and the service in another.

* - .. urioption:: gssapiServiceName

- Set the Kerberos service name when connecting to Kerberized
MongoDB instances. This value must match the service name set on
MongoDB instances.
MongoDB instances to which you are connecting.

:urioption:`gssapiServiceName` defaults to ``mongodb`` for all
clients and for MongoDB instance. If you change
clients and MongoDB instances. If you change
:parameter:`saslServiceName` setting on a MongoDB instance, you
will need to set :urioption:`gssapiServiceName` to the same
value.
must set :urioption:`gssapiServiceName` to match that setting.

:urioption:`gssapiServiceName` is a deprecated aliases for
:urioption:`authMechanismProperties=SERVICE_NAME:mongodb
<authMechanismProperties>`. For more information on which
options your driver supports and their relative priority to each
other, reference the documentation for your preferred driver
version.

.. _selection-discovery-options:

Expand Down