diff --git a/src/cmap/auth/gssapi.ts b/src/cmap/auth/gssapi.ts index f858898eba..af96409695 100644 --- a/src/cmap/auth/gssapi.ts +++ b/src/cmap/auth/gssapi.ts @@ -7,6 +7,7 @@ import type { Document } from '../../bson'; type MechanismProperties = { gssapiCanonicalizeHostName?: boolean; SERVICE_NAME?: string; + SERVICE_REALM?: string; }; import * as dns from 'dns'; @@ -90,14 +91,15 @@ function makeKerberosClient(authContext: AuthContext, callback: Callback { - if (err) return callback(new MongoDriverError(err)); - callback(undefined, client); - } - ); + let spn = `${serviceName}${process.platform === 'win32' ? '/' : '@'}${host}`; + if ('SERVICE_REALM' in mechanismProperties) { + spn = `${spn}@${mechanismProperties.SERVICE_REALM}`; + } + + initializeClient(spn, initOptions, (err: string, client: KerberosClient): void => { + if (err) return callback(new MongoDriverError(err)); + callback(undefined, client); + }); } ); } diff --git a/test/manual/kerberos.test.js b/test/manual/kerberos.test.js index d302593721..744c9c678d 100644 --- a/test/manual/kerberos.test.js +++ b/test/manual/kerberos.test.js @@ -50,8 +50,8 @@ describe('Kerberos', function () { }); }); - // TODO: this test only tests that these properties do not crash anything - but not that they actually have an effect - it('validate that SERVICE_REALM and CANONICALIZE_HOST_NAME can be passed in', function (done) { + // Unskip this test when a proper setup is available - see NODE-3060 + it.skip('validate that SERVICE_REALM and CANONICALIZE_HOST_NAME can be passed in', function (done) { const client = new MongoClient( `${krb5Uri}&authMechanismProperties=SERVICE_NAME:mongodb,CANONICALIZE_HOST_NAME:false,SERVICE_REALM:windows&maxPoolSize=1` );