MongoDB Security Questions and Answers

How does the mongod know the identity of the client?

Check all that apply:

  1. It obtains a certificate from the client when the TLS connection is established.
  2. The certificate must be signed by the certificate authority file passed to the mongod.
  3. The subject of the certificate must match the name of the user in the $external database.

Answer

All of the options are true:

  1. It obtains a certificate from the client when the TLS connection is established.
  2. The certificate must be signed by the certificate authority file passed to the mongod.
  3. The subject of the certificate must match the name of the user in the $external database.

Which of the following are true regarding LDAP authentication?

Check all that apply:

  1. MongoDB drivers authenticating to MongoDB with LDAP send LDAP credentials using SASL PLAIN which sends the username/password in clear text.
  2. LDAP Authentication support is a MongoDB Enterprise only feature.
  3. LDAP is more secure than Kerberos.
  4. saslauthd is a proxy service used by mongod to talk to an LDAP server.

This is one of the frequently asked MongoDB security questions in MongoDB interviews.

Answer

The following are true regarding LDAP authentication:

  1. MongoDB drivers authenticating to MongoDB with LDAP send LDAP credentials using SASL PLAIN which sends the username/password in clear text.
  2. LDAP Authentication support is a MongoDB Enterprise only feature.
  3. saslauthd is a proxy service used by mongod to talk to an LDAP server.

"LDAP is more secure than Kerberos": This is not true. LDAP was not designed for the purpose of external authentication. LDAP was designed to store user meta-data in a directory service. Kerberos was designed for the sole purpose of external authentication.

