How to Enable Authentication and Authorization using SCRAM-SHA-1 in MongoDB


Enabling username/password authentication and role-based authorization in MongoDB using SCRAM-SHA-1 is simple. Follow the steps below to add role-based security to MongoDB.

1. Pre-requisite

The following must be in place before you enable authentication and authorization with the SCRAM-SHA-1 mechanism.

– MongoDB 3.0 or a higher version must be installed. I have installed MongoDB 3.2 on Linux CentOS 6.5.

Check the MongoDB version:

mongo -version

output:

MongoDB shell version: 3.2.10

2. Add security line in config file

Add the following lines to the /etc/mongod.conf file, if they are not already present. In MongoDB 3.2 the config file is in YAML format by default, so the setting looks like this:

security:
  authorization: 'enabled'
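
A quick check for this step, as an added example that is not part of the original post: the function below reads a mongod config file and reports whether access control is turned on. It goes beyond the YAML case shown above by also recognizing the older key = value format (auth = true); the function name auth_state and the sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report whether a mongod config file turns on access control.
# auth_state FILE prints one of: enabled | disabled | unset

auth_state() {
  awk '
    { sub(/\r$/, ""); sub(/[ \t]*#.*$/, "") }       # drop CR and comments
    /^[ \t]*$/ { next }                              # skip blank lines
    # Older key = value format
    /^auth[ \t]*=[ \t]*true[ \t]*$/   { state = "enabled";  next }
    /^noauth[ \t]*=[ \t]*true[ \t]*$/ { state = "disabled"; next }
    # YAML: a key at column 0 opens a new top-level section
    /^[^ \t]/ { in_security = ($0 ~ /^security:[ \t]*$/); next }
    # Only an authorization key nested under an active security: counts
    in_security && /^[ \t]+authorization:/ {
      v = $0
      sub(/^[ \t]+authorization:[ \t]*/, "", v)
      gsub("[\"\047]", "", v)                        # strip quotes
      sub(/[ \t]+$/, "", v)
      state = (v == "enabled") ? "enabled" : "disabled"
    }
    END { print (state == "" ? "unset" : state) }
  ' "$1"
}

# Constructed sample files (not taken from a real server)
SAMPLES=$(mktemp -d)
printf "security:\n  authorization: 'enabled'\n" > "$SAMPLES/yaml_on.conf"
printf "security:\n  authorization: disabled\n" > "$SAMPLES/yaml_off.conf"
# security: left commented out, so the nested key has no active parent
printf "net:\n  port: 27017\n#security:\n  authorization: enabled\n" \
  > "$SAMPLES/commented.conf"
printf "auth = true\n" > "$SAMPLES/legacy.conf"

for f in "$SAMPLES"/*.conf; do
  printf '%-16s %s\n' "$(basename "$f")" "$(auth_state "$f")"
done
rm -rf "$SAMPLES"
```

On the server from this post it would be called as auth_state /etc/mongod.conf before restarting mongod; anything other than "enabled" means clients can still connect without credentials.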

3. Login into mongo shell

 
mongo

4. Add Username and Password to Enable Security

Before adding a user, switch to the admin database, then add the user(s) to the admin database.

> use admin
switched to db admin
> db.createUser({ user: "ranjeet",  pwd: "xxxxx", roles: ["root"]});

5. Check Login by using Username and Password

Use either of the following methods.

If you are already in the mongo shell, authenticate with:

db.auth('ranjeet', 'xxxxx')

OR log in from the command line:

mongo --username "ranjeet" --password "xxxxx" --authenticationDatabase "admin"

Output:
There are some warnings, which can be ignored while adding user and role-based security in MongoDB.

[root@localhost ~]# mongo --username "ranjeet" --password "xxxxx" --authenticationDatabase "admin"
MongoDB shell version: 3.2.10
connecting to: test
Server has startup warnings:
2016-11-10T17:40:44.667+0530 I CONTROL  [initandlisten]
2016-11-10T17:40:44.667+0530 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2016-11-10T17:40:44.667+0530 I CONTROL  [initandlisten] **        We suggest setting it to 'never'
2016-11-10T17:40:44.667+0530 I CONTROL  [initandlisten]
2016-11-10T17:40:44.667+0530 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2016-11-10T17:40:44.667+0530 I CONTROL  [initandlisten] **        We suggest setting it to 'never'
2016-11-10T17:40:44.667+0530 I CONTROL  [initandlisten]
2016-11-10T17:40:44.667+0530 I CONTROL  [initandlisten] ** WARNING: soft rlimits too low. rlimits set to 1024 processes, 64000 files. Number of processes should be at least 32000 : 0.5 times number of files.
2016-11-10T17:40:44.667+0530 I CONTROL  [initandlisten]
> show dbs;
admin  0.000GB
local  0.000GB
mydb   0.000GB
>

6. Check Login by username and password

If authentication did not succeed, the show dbs command produces the following output:

> show dbs;
2016-11-10T17:40:55.437+0530 E QUERY    [thread1] Error: listDatabases failed:{
        "ok" : 0,
        "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",
        "code" : 13
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
Mongo.prototype.getDBs@src/mongo/shell/mongo.js:62:1
shellHelper.show@src/mongo/shell/utils.js:761:19
shellHelper@src/mongo/shell/utils.js:651:15
@(shellhelp2):1:1

After a successful login, output like the following is displayed, listing each database name and its content size in GB.

> show dbs;
admin  0.000GB
local  0.000GB

7. Output of console to enable authentication and authorization

The following is the complete console output for all the steps to enable authentication and authorization using the SCRAM-SHA-1 mechanism in MongoDB 3.2.

[root@ranjeet ~]# vim /etc/mongod.conf
[root@ranjeet ~]# service mongod restart
Stopping mongod:                                           [  OK  ]
Starting mongod:                                           [  OK  ]
[root@ranjeet ~]# mongo
MongoDB shell version: 3.2.10
connecting to: test
> use admin
switched to db admin

> show dbs;
2016-11-10T17:40:55.437+0530 E QUERY    [thread1] Error: listDatabases failed:{
        "ok" : 0,
        "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",
        "code" : 13
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
Mongo.prototype.getDBs@src/mongo/shell/mongo.js:62:1
shellHelper.show@src/mongo/shell/utils.js:761:19
shellHelper@src/mongo/shell/utils.js:651:15
@(shellhelp2):1:1

> db.createUser({ user: "ranjeet",  pwd: "xxxxx", roles: ["root"]});
Successfully added user: { "user" : "ranjeet", "roles" : [ "root" ] }
> db.auth('ranjeet', 'xxxxx' )
1
> show dbs;
admin  0.000GB
local  0.000GB
>
> use mydb;
switched to db mydb
> db.mycollection.insert({"name":"ranjeet", "description":"How to enable security using SCRAM-SH1 mechanism"});
WriteResult({ "nInserted" : 1 })
> db.mycollection.find();
{ "_id" : ObjectId("582467543f20f886e3a54a25"), "name" : "ranjeet", "description" : "How to enable security using SCRAM-SH1 mechanism" }
>

After a successful login, db.auth('ranjeet', 'xxxxx') returns 1, and once you type 'show dbs;' it returns all the database names with their content sizes in GB.

8. Reference

https://docs.mongodb.com/v3.2/core/security-scram-sha-1/

Your comments are welcome to improve this post.



4 thoughts on “How to Enable Authentication and Authorization using SCRAM-SHA-1 in MongoDB”

  1. Pingback: rinki
  2. Great post. I was checking constantly this blog and I’m impressed!
    Very helpful info specifically the last part :) I care for such information a lot. I was looking for this certain information for a very long time.
    Thank you and good luck.

  3. Wow, marvelous blog layout! How long have you ever been running a blog
    for? you made running a blog glance easy. The overall glance of your site
    is excellent, let alone the content material!
