http://qs321.pair.com?node_id=1167019

runrig has asked for the wisdom of the Perl Monks concerning the following question:

Update: Well, I've found the mongo shell and am testing with that, and I get essentially the same issue there on the problem server, so definitely not a Perl problem, but still wondering what the issue is.

I have this test program which works find on one server:
use MongoDB; use Data::Dumper; my $mdb = MongoDB->connect( 'mongodb://xxxxxxx', { username => 'xxxxx@xxxxxx.COM', auth_mechanism => 'GSSAPI', }); my $db = $mdb->get_database('testdb'); my $cfg = $db->get_collection('test_coll'); my $result = $cfg->insert_one({ name => 'test_name', test_field => 'this_is_a_test', }); my $id = $result->inserted_id(); print "Inserted: $id\n"; my $all_cfg = $cfg->find; while ( my $c = $all_cfg->next ) { print Dumper $c; }
But on another server gets this error on the insert:
MongoDB::AuthError: Authentication to //xxxxxxx:27017 failed: MongoDB: +:AuthError: GSSAPI error: MongoDB::AuthError: Could not start GSSAPI. + Did you run kinit? Error was: no mechanism available; SASL(-4): no +mechanism available: No worthy mechs found; client_start error. (Call +backs?)
And yes, I did run kinit on both systems. Authen::SASL::XS is installed on both systems, I'm not real familiar with sasl, gssapi, kerberos...and not sure where to start. How to start tracking down the problem?

Replies are listed 'Best First'.
Re: MongoDB auth failure
by Corion (Patriarch) on Jul 02, 2016 at 12:09 UTC

    Have you checked in (say) /etc/default/saslauthd that the mechanism you want to use (GSSAPI) is enabled?

    At least for my Debian setup, I need to have MECHANISMS="PAM" there.

    If you are sure that this is the case, stop your system-owned saslauthd and run it manually in the foreground in debug mode and hope that it shows when your client connects and why it fails:

    saslauthd -d