mongodb · mattChiaravalloti · Jun 24, 2025 · Jun 24, 2025 · Jun 24, 2025 · Jun 30, 2025
@@ -17,7 +17,7 @@ cargo $TOOLCHAIN build
 
 # Test with all features.
 if [ "$RUST_VERSION" != "" ]; then
-  cargo $TOOLCHAIN build --features openssl-tls,sync,aws-auth,zlib-compression,zstd-compression,snappy-compression,in-use-encryption,tracing-unstable
+  cargo $TOOLCHAIN build --features openssl-tls,sync,aws-auth,gssapi-auth,zlib-compression,zstd-compression,snappy-compression,in-use-encryption,tracing-unstable
 else
   cargo $TOOLCHAIN build --all-features
 fi

@@ -6,7 +6,7 @@ set -o pipefail
 source .evergreen/env.sh
 source .evergreen/cargo-test.sh
 
-FEATURE_FLAGS+=("tracing-unstable" "cert-key-password")
+FEATURE_FLAGS+=("tracing-unstable" "cert-key-password" "gssapi-auth")
 
 if [ "$OPENSSL" = true ]; then
   FEATURE_FLAGS+=("openssl-tls")

@@ -58,6 +58,9 @@ gcp-oidc = ["dep:reqwest"]
 # This can only be used with the tokio-runtime feature flag.
 gcp-kms = ["dep:reqwest"]
 
+# Enable support for GSSAPI (Kerberos) authentication.
+gssapi-auth = ["dep:cross-krb5", "dep:dns-lookup"]
+
 zstd-compression = ["dep:zstd"]
 zlib-compression = ["dep:flate2"]
 snappy-compression = ["dep:snap"]
@@ -80,8 +83,10 @@ chrono = { version = "0.4.7", default-features = false, features = [
     "clock",
     "std",
 ] }
+cross-krb5 = { version = "0.4.2", optional = true, default-features = false }
 derive_more = "0.99.17"
 derive-where = "1.2.7"
+dns-lookup = { version = "2.0", optional = true }
 flate2 = { version = "1.0", optional = true }
 futures-io = "0.3.21"
 futures-core = "0.3.14"