mongodb
diff --git a/‎.evergreen/config.yml
Lines changed: 9 additions & 1 deletion b/‎.evergreen/config.yml
Lines changed: 9 additions & 1 deletion
diff --git a/‎.evergreen/run-gssapi-tests.sh
Lines changed: 44 additions & 34 deletions b/‎.evergreen/run-gssapi-tests.sh
Lines changed: 44 additions & 34 deletions
diff --git a/‎Cargo.lock
Lines changed: 76 additions & 1 deletion b/‎Cargo.lock
Lines changed: 76 additions & 1 deletion
diff --git a/‎Cargo.toml
Lines changed: 8 additions & 2 deletions b/‎Cargo.toml
Lines changed: 8 additions & 2 deletions
@@ -274,6 +274,14 @@ buildvariants:
     tasks:
       - test-gssapi-auth
 
+  - name: gssapi-auth-windows
+    display_name: "GSSAPI Authentication - Windows"
+    patchable: true
+    run_on:
+      - windows-vsCurrent-small
+    tasks:
+      - test-gssapi-auth
+
   - name: x509-auth
     display_name: "x509 Authentication"
     patchable: false
@@ -1406,7 +1414,7 @@ functions:
       type: test
       params:
         binary: bash
-        working_dir: ${PROJECT_DIRECTORY}
+        working_dir: src
         args:
           - .evergreen/run-gssapi-tests.sh
         include_expansions_in_env:
 
@@ -16,50 +16,60 @@ FEATURE_FLAGS+=("gssapi-auth")
 
 set +o errexit
 
-# Create a krb5 config file with relevant
-touch krb5.conf
-echo "[realms]
-  $SASL_REALM = {
-    kdc = $SASL_HOST
-    admin_server = $SASL_HOST
-  }
-
-  $SASL_REALM_CROSS = {
-    kdc = $SASL_HOST
-    admin_server = $SASL_HOST
-  }
-
-[domain_realm]
-  .$SASL_DOMAIN = $SASL_REALM
-  $SASL_DOMAIN = $SASL_REALM
-" > krb5.conf
-
-export KRB5_CONFIG=krb5.conf
-
-# Authenticate the user principal in the KDC before running the e2e test
-echo "Authenticating $PRINCIPAL"
-echo "$SASL_PASS" | kinit -p $PRINCIPAL
-klist
+# On Windows, `kinit`/`kdestroy` and other krb5 config settings are
+# not available, nor are they required steps. Windows uses SSPI which
+# is similar to but distinct from (KRB5) GSSAPI. Therefore, we only
+# run the following steps if we are not on Windows.
+if [[ "cygwin" != "$OSTYPE" ]]; then
+  # Create a krb5 config file with relevant
+  touch krb5.conf
+  echo "[realms]
+    $SASL_REALM = {
+      kdc = $SASL_HOST
+      admin_server = $SASL_HOST
+    }
+
+    $SASL_REALM_CROSS = {
+      kdc = $SASL_HOST
+      admin_server = $SASL_HOST
+    }
+
+  [domain_realm]
+    .$SASL_DOMAIN = $SASL_REALM
+    $SASL_DOMAIN = $SASL_REALM
+  " > krb5.conf
+
+  export KRB5_CONFIG=krb5.conf
+
+  # Authenticate the user principal in the KDC before running the e2e test
+  echo "Authenticating $PRINCIPAL"
+  echo "$SASL_PASS" | kinit -p $PRINCIPAL
+  klist
+fi
 
 # Run end-to-end auth tests for "$PRINCIPAL" user
 TEST_OPTIONS+=("--skip with_service_realm_and_host_options")
 cargo_test test::auth::gssapi_skip_local
 
-# Unauthenticate
-echo "Unauthenticating $PRINCIPAL"
-kdestroy
+if [[ "cygwin" != "$OSTYPE" ]]; then
+  # Unauthenticate
+  echo "Unauthenticating $PRINCIPAL"
+  kdestroy
 
-# Authenticate the alternative user principal in the KDC and run other e2e test
-echo "Authenticating $PRINCIPAL_CROSS"
-echo "$SASL_PASS_CROSS" | kinit -p $PRINCIPAL_CROSS
-klist
+  # Authenticate the alternative user principal in the KDC and run other e2e test
+  echo "Authenticating $PRINCIPAL_CROSS"
+  echo "$SASL_PASS_CROSS" | kinit -p $PRINCIPAL_CROSS
+  klist
+fi
 
 TEST_OPTIONS=()
 cargo_test test::auth::gssapi_skip_local::with_service_realm_and_host_options
 
-# Unauthenticate
-echo "Unuthenticating $PRINCIPAL_CROSS"
-kdestroy
+if [[ "cygwin" != "$OSTYPE" ]]; then
+  # Unauthenticate
+  echo "Unauthenticating $PRINCIPAL_CROSS"
+  kdestroy
+fi
 
 # Run remaining tests
 cargo_test spec::auth
 
@@ -56,7 +56,7 @@ gcp-oidc = ["dep:reqwest"]
 gcp-kms = ["dep:reqwest"]
 
 # Enable support for GSSAPI (Kerberos) authentication.
-gssapi-auth = ["dep:cross-krb5", "dns-resolver"]
+gssapi-auth = ["dep:cross-krb5", "dep:windows-sys", "dns-resolver"]
 
 zstd-compression = ["dep:zstd"]
 zlib-compression = ["dep:flate2"]
@@ -80,7 +80,6 @@ chrono = { version = "0.4.7", default-features = false, features = [
     "clock",
     "std",
 ] }
-cross-krb5 = { version = "0.4.2", optional = true, default-features = false }
 derive_more = "0.99.17"
 derive-where = "1.2.7"
 flate2 = { version = "1.0", optional = true }
@@ -246,6 +245,13 @@ features = ["serde", "serde_json-1"]
 rustdoc-args = ["--cfg", "docsrs"]
 all-features = true
 
+# Target-specific dependencies for GSSAPI authentication
+[target.'cfg(not(windows))'.dependencies]
+cross-krb5 = { version = "0.4.2", optional = true, default-features = false }
+
+[target.'cfg(windows)'.dependencies]
+windows-sys = { version = "0.60", optional = true, features = ["Win32_Security_Authentication_Identity", "Win32_Security_Credentials", "Win32_Foundation", "Win32_System", "Win32_System_Rpc"] }
+
 [lints.rust]
 unexpected_cfgs = { level = "warn", check-cfg = [
     'cfg(mongodb_internal_tracking_arc)',