@@ -24,15 +24,23 @@ authentication mechanism available in the MongoDB Enterprise Edition:
2424The ``GSSAPI`` authentication mechanism uses your user principal to
2525authenticate to a Kerberos service.
2626
27- You can specify this authentication mechanism by setting the following
28- parameters of the
27+ You can specify this authentication mechanism by performing the
28+ following actions while specifying options on your
2929:manual:`connection string </reference/connection-string/>`:
3030
31- - Set the ``authMechanism`` parameter to ``GSSAPI``
31+ - Set the ``authMechanism`` parameter to ``GSSAPI``.
3232- Set the ``SERVICE_NAME`` value in the ``authMechanismProperties``
33- parameter if using a value other than ``mongodb``
33+ parameter if using a value other than ``mongodb``.
3434- Specify a ``SERVICE_REALM`` value in the ``authMechanismProperties``
3535 parameter if a custom service realm is required.
36+ - Specify a ``CANONICALIZE_HOST_NAME`` value in the ``authMechanismProperties``
37+ parameter if canonicalization of the hostname is required. This property can take
38+ the following values:
39+
40+ - ``none``: (Default) Does not perform hostname canonicalization
41+ - ``forward``: Performs a forward DNS lookup to canonicalize the hostname
42+ - ``forwardAndReverse``: Performs a forward DNS lookup and then a
43+ reverse lookup on that value to canonicalize the hostname
3644
3745.. important::
3846
@@ -58,7 +66,8 @@ The following code sample authenticates to Kerberos for UNIX using ``GSSAPI``.
5866 const clusterUrl = "<MongoDB cluster URL>";
5967 const principal = encodeURIComponent("<Kerberos principal and realm>");
6068 const serviceRealm = "<Kerberos service realm>";
61- const authMechanismProperties = `SERVICE_REALM:${serviceRealm}`;
69+ const canonicalizationSetting = "<canonicalization setting>";
70+ const authMechanismProperties = `SERVICE_REALM:${serviceRealm},CANONICALIZE_HOST_NAME:${canonicalizationSetting}`;
6271
6372 const authMechanism = "GSSAPI";
6473
0 commit comments