How to enable authentication using scram-sha-1 in MongoDB for authenticating and authorizing user priviledgeis. Learn enable auth in MongoDB for enabling user security in MongoDB in this article.
1. Pre-requisite for enable authentication MongoDB
Following things need to be in place in order to enable authentication and authorization by using SCRAM-SHA-1 mechanism in MongoDB. I mean to say, enabling user security in MongoDB by using SCRAM-SHA-1 is simple if you follow the following steps.
Follow the following steps and you are done with adding role-based security in MongoDB.
– MongoDB 3.0 or higher version must be installed. I have installed MongoDB 3.2 on Linux CentOS 6.5
Check mongoDB version
mongo -version
output:
MongoDB shell version: 3.2.10
2. Enable user security in MongoDB
How to enable user security in MongoDB is one of the main question in interview. By the time of this article, MongoDB 3.2 is latest one, you can enable by adding couple of line in /etc/mongod.conf file. Add following line in /etc/mongod.config file, if not already added. In MongoDB 3.2 by default config file format will be YAML so as follows:
security: authorization: 'enabled'
3. Login into mongo shell
mongo
4. Add Username and Password to Enable Security
Before adding user user to db , switch to admin db and then add user(s) to admin database. In this section you learn how to add username and password for enable authentication in MongoDB.
> use admin switched to db admin > db.createUser({ user: "ranjeet", pwd: "xxxxx", roles: ["root"]});
5. Check Login by using Username and Password
You can follow any one of the following steps. for enabling of mongoDB authentication and authorization for security objectives.
if you are already logged-in in mongo type the following to authenticate else do the following ‘OR’ step
db.auth('ranjeet', 'xxxxx')
OR
mongo --username "ranjeet" --password "xxxxx" --authenticationDatabase "admin"
Output of security enable in MongoDB:
There are some warning which can be ignored while adding user and role based security in mongoDB.
[root@localhost ~]# mongo --username "ranjeet" --password "anushka" --authenticationDatabase "admin" MongoDB shell version: 3.2.10 connecting to: test Server has startup warnings: 2016-11-10T17:40:44.667+0530 I CONTROL [initandlisten] 2016-11-10T17:40:44.667+0530 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'. 2016-11-10T17:40:44.667+0530 I CONTROL [initandlisten] ** We suggest setting it to 'never' 2016-11-10T17:40:44.667+0530 I CONTROL [initandlisten] 2016-11-10T17:40:44.667+0530 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'. 2016-11-10T17:40:44.667+0530 I CONTROL [initandlisten] ** We suggest setting it to 'never' 2016-11-10T17:40:44.667+0530 I CONTROL [initandlisten] 2016-11-10T17:40:44.667+0530 I CONTROL [initandlisten] ** WARNING: soft rlimits too low. rlimits set to 1024 processes, 64000 files. Number of processes should be at least 32000 : 0.5 times number of files. 2016-11-10T17:40:44.667+0530 I CONTROL [initandlisten] > show dbs; admin 0.000GB local 0.000GB mydb 0.000GB >
6. Check Login with username and password
Follow any one of the following steps.
Output as follows for show dbs command, if successfully not authenticated
> show dbs; 2016-11-10T17:40:55.437+0530 E QUERY [thread1] Error: listDatabases failed:{ "ok" : 0, "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }", "code" : 13 } : _getErrorWithCode@src/mongo/shell/utils.js:25:13 Mongo.prototype.getDBs@src/mongo/shell/mongo.js:62:1 shellHelper.show@src/mongo/shell/utils.js:761:19 shellHelper@src/mongo/shell/utils.js:651:15 @(shellhelp2):1:1
After successfully login following like output will display , containing dbname and its content size in GB.
> show dbs; admin 0.000GB local 0.000GB
7. Output of console to enable authentication and authorization
Following are the complete console output for all the activities to enable authentication and authorization using SCRAM-SHA-1 mechanism in mongoDB 3.2.
[root@ranjeet ~]# vim /etc/mongod.conf [root@ranjeet ~]# service mongod restart Stopping mongod: [ OK ] Starting mongod: [ OK ] [root@ranjeet ~]# mongo MongoDB shell version: 3.2.10 connecting to: test > use admin switched to db admin > show dbs; 2016-11-10T17:40:55.437+0530 E QUERY [thread1] Error: listDatabases failed:{ "ok" : 0, "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }", "code" : 13 } : _getErrorWithCode@src/mongo/shell/utils.js:25:13 Mongo.prototype.getDBs@src/mongo/shell/mongo.js:62:1 shellHelper.show@src/mongo/shell/utils.js:761:19 shellHelper@src/mongo/shell/utils.js:651:15 @(shellhelp2):1:1 > db.createUser({ user: "ranjeet", pwd: "xxxxx", roles: ["root"]}); Successfully added user: { "user" : "ranjeet", "roles" : [ "root" ] } > db.auth('ranjeet', 'xxxxx' ) 1 > show dbs; admin 0.000GB local 0.000GB > > use mydb; switched to db mydb > db.mycollection.insert({"name":"ranjeet", "description":"How to enable security using SCRAM-SH1 mechanism"}); WriteResult({ "nInserted" : 1 }) > db.mycollection.find(); { "_id" : ObjectId("582467543f20f886e3a54a25"), "name" : "ranjeet", "description" : "How to enable security using SCRAM-SH1 mechanism" } >
After successful login it return 1 in db.auth('ranjeet', 'xxxxx')
and once you type 'show dbs;'
it returns all the database name with content size in gb.
8. Reference
https://docs.mongodb.com/v3.2/core/security-scram-sha-1/
Thanks for visiting this post for how to enable authentication in MongoDB for security in MongoDB. You can also visit MongoDB Tutorial for more articles on MongoDB document-oriented database.
Your Comments are welcome to improve this post to enable user security in MongoDB.
Pingback: rinki
Great post. I was checking constantly this blog and I’m impressed!
Very helpful info specifically the last part :
) I care for such information a lot. I was looking for this certain information for a very long time.
Thank you and good luck.
Wow, marvelous blog layout! How long have you ever been running a blog
for? you made running a blog glance easy. The overall glance of your site
is excellent, let alone the content material!
Very good blog post. I definitely love this site. Stick with it!