/ /

/ /

Kerberos (GSSAPI)

Overview

The Generic Security Services API (GSSAPI) authentication mechanism allows you to authenticate to a Kerberos service by using your principal name.

You can use this mechanism only when authenticating to MongoDB Enterprise Advanced.

Code Placeholders

The code examples on this page use the following placeholders:

<username>: Your URL-encoded principal name
<password>: Your Kerberos password

To use the code examples on this page, replace these placeholders with your own values.

Example

To specify the GSSAPI authentication mechanism, set the mechanism field of your Credential struct to AuthMechanism::Gssapi.

Optionally, you can specify authentication mechanism properties by setting the SERVICE_REALM, SERVICE_NAME, and SERVICE_HOST properties in the mechanism_properties field of your Credential struct.

The following code example shows how to authenticate by using Kerberos:

let gssapi_cred = Credential::builder()
    .username("<username>".to_string())
    .password("<password>".to_string())
    .mechanism(AuthMechanism::Gssapi)
    .mechanism_properties(
        doc! { "SERVICE_REALM": "<service_realm>", "SERVICE_NAME": "<service_name>", "SERVICE_HOST": "<service_host>" }
    )
    .build();
client_options.credential = Some(gssapi_cred);
let client = Client::with_options(client_options)?;

Additional Information

For more information about Kerberos authentication, see Kerberos Authentication in the MongoDB Server manual.

To learn more about the concepts in this guide, see the following documentation:

Specify Connection Options guide
Connection Strings in the MongoDB Server manual

API Documentation

To learn more about the methods and types mentioned in this guide, see the following API documentation:

Back

LDAP (PLAIN)

In-Use Encryption