fix(NODE-2026): support SERVICE_REALM authentication mechanism property

Author: rose-m

src/cmap/auth/gssapi.ts

@@ -7,6 +7,7 @@ import type { Document } from '../../bson';
 type MechanismProperties = {
   gssapiCanonicalizeHostName?: boolean;
   SERVICE_NAME?: string;
+  SERVICE_REALM?: string;
 };
 
 import * as dns from 'dns';
@@ -89,14 +90,20 @@ function makeKerberosClient(authContext: AuthContext, callback: Callback<Kerbero
         Object.assign(initOptions, { user: username, password: password });
       }
 
-      Kerberos.initializeClient(
-        `${serviceName}${process.platform === 'win32' ? '/' : '@'}${host}`,
-        initOptions,
-        (err: string, client: KerberosClient): void => {
-          if (err) return callback(new MongoDriverError(err));
-          callback(undefined, client);
+      let spn: string;
+      if (process.platform === 'win32') {
+        spn = `${serviceName}/${host}`;
+        if ('SERVICE_REALM' in mechanismProperties) {
+          spn = `${spn}@${mechanismProperties.SERVICE_REALM}`;
         }
-      );
+      } else {
+        spn = `${serviceName}@${host}`;
+      }
+
+      Kerberos.initializeClient(spn, initOptions, (err: string, client: KerberosClient): void => {
+        if (err) return callback(new MongoDriverError(err));
+        callback(undefined, client);
+      });
     }
   );
 }