
MongoDB Notes


Authentication with SCRAM-SHA-1 and Keyfile


Mongo Authentication - Replica Set


Client Authentication: SCRAM-SHA-1

Internal Authentication: Keyfile

Operating System: Linux

 

In this procedure, you will configure a MongoDB replica set to use SCRAM-SHA-1 authentication between the client and mongod, and keyfile authentication among the members of the replica set.

 

Prerequisites

 

The replica set has been configured and a user with root role has been added.

 

Procedure

 

1. Create a keyfile and place it in a convenient directory.  The keyfile is used for internal authentication among members of the replica set.

2. Update the mongod configuration files to specify authentication.  (See example below.)

3. Start each mongod instance with these commands, where aaX.yaml is the appropriate configuration file.  Note that authentication is enabled.

 

mongod -f aa1.yaml --auth

mongod -f aa2.yaml --auth

mongod -f aa3.yaml --auth

 

4. Log into the MongoDB shell.

 

mongo --port 31210 --host mongodb.waysysweb.us.com

Note: Be sure to log into the primary member of the replica set.
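Step 1 and the keyFile setting in the configuration, as an added example that is not part of the original notes: one way to generate the keyfile and check that it meets mongod's requirements (6 to 1024 base64 characters, no group or world permissions) before the same file is copied to every member. The function names are hypothetical, and the /dev/urandom fallback when openssl is missing is an assumption about the host.

```sh
# Added example: generate and sanity-check a replica-set keyfile.
# make_keyfile and check_keyfile are hypothetical helper names.

# make_keyfile PATH: write 756 random bytes as base64 (1008 characters),
# readable by the owning user only.
make_keyfile() {
    kf=$1
    old_umask=$(umask)
    umask 077                      # never create the file group/world readable
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -base64 756 > "$kf"
    else
        head -c 756 /dev/urandom | base64 > "$kf"
    fi
    rc=$?
    umask "$old_umask"
    [ "$rc" -eq 0 ] && chmod 400 "$kf"
}

# check_keyfile PATH: return 0 if the file meets mongod's keyfile rules,
# otherwise print the reason to stderr and return 1.
check_keyfile() {
    kf=$1
    [ -f "$kf" ] || { echo "$kf: not a regular file" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$kf" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$kf: group/other permissions set ($perms), use chmod 400" >&2
        return 1
    fi
    # mongod strips whitespace; the rest must be 6-1024 base64 characters.
    key=$(tr -d '[:space:]' < "$kf")
    len=${#key}
    if [ "$len" -lt 6 ] || [ "$len" -gt 1024 ]; then
        echo "$kf: key is $len characters, must be 6-1024" >&2
        return 1
    fi
    case $key in
        *[!A-Za-z0-9+/=]*)
            echo "$kf: non-base64 character in key" >&2
            return 1 ;;
    esac
    return 0
}
```

For the configuration shown on this page the call would be make_keyfile /home/vagrant/mk, with check_keyfile run again on each member after the file is copied there.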

 

Testing the Configuration

 

When finished with the procedure, you should be able to log into the database with the MongoDB shell.  Without authenticating, you should not be able to run the show dbs command.  You should be able to authenticate as shown below and then run the show dbs command.

 

use admin

db.auth('userAdmin', 'badges')

 

After the replica set is configured, you can check its status with this command:

 

rs.status()

 

Example of Mongod Configuration File with Authentication

 

systemLog:
  destination: file
  path: /home/vagrant/data/r0/mongodb.log
storage:
  dbPath: /home/vagrant/data/r0
processManagement:
  fork: true
security:
  clusterAuthMode: keyFile
  keyFile: /home/vagrant/mk
net:
  bindIp: mongodb.waysysweb.us.com
  port: 31210
replication:
  replSetName: repl

 

References

 

Setting Up a Replica Set and User