Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://www.mongodb.com/docs/manual/tutorial/configure-scram-client-authentication/ below:

Use SCRAM to Authenticate Clients on Self-Managed Deployments - Database Manual

The following procedure sets up SCRAM for client authentication on a standalone mongod instance.

To use SCRAM authentication for replica sets or sharded clusters, see Deploy Self-Managed Replica Set With Keyfile Authentication.

You cannot use both SCRAM authentication and another authentication type for the same user.

Start a standalone mongod instance without access control.

Open a terminal and run the following command as the mongod user:

mongod --port 27017 --dbpath /var/lib/mongodb

The mongod instance in this tutorial uses port 27017 and the /var/lib/mongodb data directory.

The tutorial assumes that the /var/lib/mongodb directory exists and is the default dbPath. You may specify a different data directory or port as needed.

When mongod starts, it creates some system files in the /var/lib/mongodb directory. To ensure the system files have the correct ownership, follow this tutorial as the mongod user. If you start mongod as the root user you will have to update file ownership later.

Open a new terminal and connect to the cluster with mongosh:

If you are connecting to a different deployment, specify additional command line options, such as --host, as needed to connect.

You can create the user administrator either before or after enabling access control. If you enable access control before creating any user, MongoDB provides a localhost exception which allows you to create a user administrator in the admin database. Once created, you must authenticate as the user administrator to create additional users.

Using mongosh:

1. switch to the admin database

2. add the myUserAdmin user with the userAdminAnyDatabase and readWriteAnyDatabase roles":

use admindb.createUser(  {    user: "myUserAdmin",    pwd: passwordPrompt(),     roles: [      { role: "userAdminAnyDatabase", db: "admin" },      { role: "readWriteAnyDatabase", db: "admin" }    ]  })

The passwordPrompt() method prompts you to enter the password. You can also specify your password directly as a string. We recommend to use the passwordPrompt() method to avoid the password being visible on your screen and potentially leaking the password to your shell history.

The userAdminAnyDatabase role allows this user to:

• create users

• grant or revoke roles from users

• create or modify customs roles

You can assign your user additional built-in roles or user-defined roles as needed.

The database where you create the user, in this example admin, is the user's authentication database. Although the user needs to authenticate to this database, the user can have roles in other databases. The user's authentication database doesn't limit the user's privileges.

Shut down the mongod instance. Using mongosh, issue the following command:

db.adminCommand( { shutdown: 1 } )

Exit mongosh.

Start the mongod with access control enabled.

• If you start the mongod from the command line, add the --auth command line option:

  mongod --auth --port 27017 --dbpath /var/lib/mongodb

• If you start the mongod using a configuration file, add the security.authorization configuration file setting:

  security:    authorization: enabled

Clients that connect to this instance must now authenticate themselves and can only perform actions as determined by their assigned roles.

You can create users either before or after enabling access control. If you enable access control before creating any user, MongoDB provides a localhost exception which allows you to create a user administrator in the admin database. Once created, you must authenticate as the user administrator to create additional users.

Using mongosh, you can:

Using mongosh, connect to your database deployment:

In mongosh, switch to the authentication database (in this case, admin), and use the db.auth(<username>, <pwd>) method to authenticate:

use admindb.auth("myUserAdmin", passwordPrompt()) 

The passwordPrompt() method prompts you to enter the password. You can also specify your password directly as a string. We recommend to use the passwordPrompt() method to avoid the password being visible on your screen and potentially leaking the password to your shell history.

Enter the password when prompted.

To use SCRAM authentication for replica sets or sharded clusters, see Deploy Self-Managed Replica Set With Keyfile Authentication.

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4