Kerberos authentication
- Last Updated: July 30, 2025
- 2 minute read
- DataDirect Connectors
- ODBC
- MongoDB 8.0
- Documentation
The driver supports the Kerberos authentication. Kerberos authentication can take advantage of the user name and password maintained by the operating system to authenticate users to the database or use another set of user credentials specified by the application.
The Kerberos method requires knowledge of how to configure your Kerberos environment. This method supports both Windows Active Directory Kerberos and MIT Kerberos environments.
To use Kerberos authentication, the application user first must obtain a Kerberos Ticket Granting Ticket (TGT) from the Kerberos server. The Kerberos server verifies the identity of the user and controls access to services using the credentials contained in the TGT.
If the application uses Kerberos authentication from a Windows
client, the application user does not explicitly need to obtain
a TGT. Windows Active Directory automatically obtains a TGT for
the user.
If the application uses Kerberos authentication from a UNIX or
Linux client, the user must explicitly obtain a TGT. To obtain a
TGT explicitly, the user must log onto the Kerberos server using
the kinit command. For example, the following command requests a
TGT from the server with a lifetime of 10 hours, which is renewable
for 5 days:
kinit -l 10h -r 5d userwhere user is the application user.
Refer to your Kerberos documentation for more information about using the kinit command and obtaining TGTs for users.
- Set the Authentication Method (AuthenticationMethod) option to
4. - Set the Host Name (HostName) option to specify the name or the IP address of the server to which you want to connect.
- Optionally, set the Database Name (DatabaseName) option to specify the name of the database to which you are connecting.
- Optionally, set the Port Number (PortNumber) option to specify the port number of the
server listener. The default is
27017. - Optionally, set the Service Principal Name (ServicePrincipalName) option to specify the service principal name to be used by the driver.
- Set the User Name (LogonID) option to specify your user name.Note: The User option is not required to be stored in the connection string. It can also be sent separately by the application using the
SQLConnectODBC API. ForSQLDriverConnectandSQLBrowseConnect, the option needs to be specified in the connection string. - Optionally, specify values for any additional options you want to configure.
The following examples show the connection information required to establish a connection using Kerberos authentication.
Connection string
DRIVER=DataDirect 8.1 MongoDB;AuthenticationDatabase=4;DatabaseName=mydb;
HostName=myserver;PortNumber=27017;User=jsmith;odbc.ini
[MongoDB]
Driver=ODBCHOME/lib/ivmongodb81.so
...
Description=DataDirect 8.1 MongoDB
...
AuthenticationDatabase=4
...
DatabaseName=mydb
...
HostName=myserver
...
PortNumber=27017
...
User=jsmith
...