How to Enable Authentication and Authorization using SCRAM-SHA-1 in MongoDB

Connect with

enable authentication using scram-sha-1 in mongodbHow to enable authentication using scram-sha-1 in MongoDB for authenticating and authorizing user priviledgeis. Learn enable auth in MongoDB for enabling user security in MongoDB in this article.

1. Pre-requisite for enable authentication MongoDB

Following things need to be in place in order to enable authentication and authorization by using SCRAM-SHA-1 mechanism in MongoDB. I mean to say, enabling user security in MongoDB by using SCRAM-SHA-1 is simple if you follow the following steps.
Follow the following steps and you are done with adding role-based security in MongoDB.
– MongoDB 3.0 or higher version must be installed. I have installed MongoDB 3.2 on Linux CentOS 6.5

Check mongoDB version

 
mongo -version

output:

MongoDB shell version: 3.2.10

2. Enable user security in MongoDB

How to enable user security in MongoDB is one of the main question in interview. By the time of this article, MongoDB 3.2 is latest one, you can enable by adding couple of line in /etc/mongod.conf file. Add following line in /etc/mongod.config file, if not already added. In MongoDB 3.2 by default config file format will be YAML so as follows:

 security:
  authorization: 'enabled'

3. Login into mongo shell

 
mongo

4. Add Username and Password to Enable Security

Before adding user user to db , switch to admin db and then add user(s) to admin database. In this section you learn how to add username and password for enable authentication in MongoDB.

> use admin
switched to db admin
> db.createUser({ user: "ranjeet",  pwd: "xxxxx", roles: ["root"]});

5. Check Login by using Username and Password

You can follow any one of the following steps. for enabling of mongoDB authentication and authorization for security objectives.
if you are already logged-in in mongo type the following to authenticate else do the following ‘OR’ step

db.auth('ranjeet', 'xxxxx')

OR

 mongo --username "ranjeet" --password "xxxxx" --authenticationDatabase "admin"

Output of security enable in MongoDB:
There are some warning which can be ignored while adding user and role based security in mongoDB.

[root@localhost ~]# mongo --username "ranjeet" --password "anushka" --authenticationDatabase "admin"
MongoDB shell version: 3.2.10
connecting to: test
Server has startup warnings:
2016-11-10T17:40:44.667+0530 I CONTROL  [initandlisten]
2016-11-10T17:40:44.667+0530 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2016-11-10T17:40:44.667+0530 I CONTROL  [initandlisten] **        We suggest setting it to 'never'
2016-11-10T17:40:44.667+0530 I CONTROL  [initandlisten]
2016-11-10T17:40:44.667+0530 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2016-11-10T17:40:44.667+0530 I CONTROL  [initandlisten] **        We suggest setting it to 'never'
2016-11-10T17:40:44.667+0530 I CONTROL  [initandlisten]
2016-11-10T17:40:44.667+0530 I CONTROL  [initandlisten] ** WARNING: soft rlimits too low. rlimits set to 1024 processes, 64000 files. Number of processes should be at least 32000 : 0.5 times number of files.
2016-11-10T17:40:44.667+0530 I CONTROL  [initandlisten]
> show dbs;
admin  0.000GB
local  0.000GB
mydb   0.000GB
>

6. Check Login with username and password

Follow any one of the following steps.

Output as follows for show dbs command, if successfully not authenticated

> show dbs;
2016-11-10T17:40:55.437+0530 E QUERY    [thread1] Error: listDatabases failed:{
        "ok" : 0,
        "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",
        "code" : 13
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
Mongo.prototype.getDBs@src/mongo/shell/mongo.js:62:1
shellHelper.show@src/mongo/shell/utils.js:761:19
shellHelper@src/mongo/shell/utils.js:651:15
@(shellhelp2):1:1

After successfully login following like output will display , containing dbname and its content size in GB.

> show dbs;
admin  0.000GB
local  0.000GB

7. Output of console to enable authentication and authorization

Following are the complete console output for all the activities to enable authentication and authorization using SCRAM-SHA-1 mechanism in mongoDB 3.2.

[root@ranjeet ~]# vim /etc/mongod.conf
[root@ranjeet ~]# service mongod restart
Stopping mongod:                                           [  OK  ]
Starting mongod:                                           [  OK  ]
[root@ranjeet ~]# mongo
MongoDB shell version: 3.2.10
connecting to: test
> use admin
switched to db admin

> show dbs;
2016-11-10T17:40:55.437+0530 E QUERY    [thread1] Error: listDatabases failed:{
        "ok" : 0,
        "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",
        "code" : 13
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
Mongo.prototype.getDBs@src/mongo/shell/mongo.js:62:1
shellHelper.show@src/mongo/shell/utils.js:761:19
shellHelper@src/mongo/shell/utils.js:651:15
@(shellhelp2):1:1

> db.createUser({ user: "ranjeet",  pwd: "xxxxx", roles: ["root"]});
Successfully added user: { "user" : "ranjeet", "roles" : [ "root" ] }
> db.auth('ranjeet', 'xxxxx' )
1
> show dbs;
admin  0.000GB
local  0.000GB
>
> use mydb;
switched to db mydb
> db.mycollection.insert({"name":"ranjeet", "description":"How to enable security using SCRAM-SH1 mechanism"});
WriteResult({ "nInserted" : 1 })
> db.mycollection.find();
{ "_id" : ObjectId("582467543f20f886e3a54a25"), "name" : "ranjeet", "description" : "How to enable security using SCRAM-SH1 mechanism" }
>

After successful login it return 1 in db.auth('ranjeet', 'xxxxx') and once you type 'show dbs;' it returns all the database name with content size in gb.

8. Reference

https://docs.mongodb.com/v3.2/core/security-scram-sha-1/
Thanks for visiting this post for how to enable authentication in MongoDB for security in MongoDB. You can also visit MongoDB Tutorial for more articles on MongoDB document-oriented database.
Your Comments are welcome to improve this post to enable user security in MongoDB.


Connect with

4 thoughts on “How to Enable Authentication and Authorization using SCRAM-SHA-1 in MongoDB”

  1. Pingback: rinki

  2. Great post. I was checking constantly this blog and I’m impressed!
    Very helpful info specifically the last part :
    ) I care for such information a lot. I was looking for this certain information for a very long time.
    Thank you and good luck.

  3. Wow, marvelous blog layout! How long have you ever been running a blog
    for? you made running a blog glance easy. The overall glance of your site
    is excellent, let alone the content material!

Leave a Comment

Your email address will not be published. Required fields are marked *