Open In App
Related Articles

How to Enable Authentication on MongoDB ?

Improve
Improve
Improve
Like Article
Like
Save Article
Save
Report issue
Report

Authentication is enforced when access control is enabled on a MongoDB deployment, requiring users to identify themselves. Users can only conduct activities that are defined by their roles when visiting a MongoDB deployment with access control enabled.

The following tutorial utilizes the default authentication approach to provide access control on a solo mongo instance. See Authentication Techniques for a list of all supported authentication mechanisms.

Administrator of Users

If access control is enabled, make sure the admin database has a user with the userAdmin or userAdminAnyDatabase roles. This user has the ability to manage users and roles, including the ability to create new users, give or revoke roles to existing users, and create or change custom roles.

Note: The instance of MongoDB uses port 27017 as well as the location of data /var/lib/mongodb. The example presumes the existence of the data directory, i.e., /var/lib/mongodb. And specify a different data directory as appropriate.

To access or alter the database, MongoDB does not require a login or password by default. Mandatory authentication should be enabled and configured.

Follow the commands mentioned below to enable Authentication:

Step 1: Open a Mongo Shell 

mongo

Step 2: The database binstar must be able to read and write to the repository. To establish an administrator user and a service user, run the following commands in the MongoDB shell:

use admin

Step 3: To manage database users, create an administrative user: 

db.createUser({user:'siteUserAdmin', pwd: '<secure password #1>', 
               roles:['userAdminAnyDatabase']})

Step 4: To validate the password, log in as that user:

db.auth('siteUserAdmin', '<secure password #1>')

Step 5: Create a Repository service user:

db.createUser({user:'spandan', pwd: '<secure password #2>', 
               roles:[{db:'binstar', role:'readWrite'}]})

Step 6: In MongoDB, enable required authentication: 

  • Add the auth key to /etc/mongod.conf if you’re using the classic MongoDB configuration format:
auth=true
  • Add the security.authorization key to /etc/mongod.conf if you’re using the current MongoDB configuration format:
security:
    authorization: enabled

Step 7: To reload the settings, restart MongoDB: 

sudo service mongod restart

Step 8: Set the MONGO URL option in the Repository configuration file to mongodb:/username:password@hostname>. 

Step 9: Restart Repository after modifying the configuration file to see the changes take effect.

Exception for localhost

It is possible to create users before or after access control is activated. MongoDB supports a localhost exception if you activate access control before establishing any user. This allows you to establish a user administrator in the admin database. Once a user has been created, you must log in as the user administrator to add other users as needed.


Last Updated : 21 Jul, 2021
Like Article
Save Article
Previous
Next
Share your thoughts in the comments
Similar Reads