Wednesday, November 9, 2016

MongoDB - Enable authentication using SCRAM-SHA-1

MongoDB Enterprise > use admin
switched to db admin
MongoDB Enterprise > db.createUser( {user: "donghua", pwd: "secret", roles:['root']});
Successfully added user: { "user" : "donghua", "roles" : [ "root" ] }
MongoDB Enterprise > db.system.users.find()
{ "_id" : "admin.donghua", "user" : "donghua", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "uEoaW99g9mk44piYjkCvbA==", "storedKey" : "ImJ/Zm/DF1i561IZ29lOReaRFEw=", "serverKey" : "U1LeGHZnO6jTJw653K5MmbUwop0=" } }, "roles" : [ { "role" : "root", "db" : "admin" } ] }
MongoDB Enterprise >

donghua@database:~$ sudo vi /etc/mongod.conf
security:
  authorization: enabled


donghua@database:~$ sudo service mongod restart
donghua@database:~$


donghua@database:~$ mongo
MongoDB shell version: 3.2.10
connecting to: test
MongoDB Enterprise > show dbs
2016-11-09T23:16:25.474+0800 E QUERY    [thread1] Error: listDatabases failed:{
        "ok" : 0,
        "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",
        "code" : 13
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
Mongo.prototype.getDBs@src/mongo/shell/mongo.js:62:1
shellHelper.show@src/mongo/shell/utils.js:761:19
shellHelper@src/mongo/shell/utils.js:651:15
@(shellhelp2):1:1

 
MongoDB Enterprise > db.auth('donghua','secret')
Error: Authentication failed.
0
MongoDB Enterprise > use admin
switched to db admin

MongoDB Enterprise > db.auth('donghua','secret')
1

MongoDB Enterprise > db.getUser('donghua')
{
        "_id" : "admin.donghua",
        "user" : "donghua",
        "db" : "admin",
        "roles" : [
                {
                        "role" : "root",
                        "db" : "admin"
                }
        ]
}
MongoDB Enterprise >


donghua@database:~$ mongo admin -u donghua -p secret
MongoDB shell version: 3.2.10
connecting to: admin
MongoDB Enterprise > db.getUser('donghua')
{
        "_id" : "admin.donghua",
        "user" : "donghua",
        "db" : "admin",
        "roles" : [
                {
                        "role" : "root",
                        "db" : "admin"
                }
        ]
}
MongoDB Enterprise > exit
bye


donghua@database:~$ mongo  -u donghua -p secret
MongoDB shell version: 3.2.10
connecting to: test
2016-11-09T23:21:37.254+0800 E QUERY    [thread1] Error: Authentication failed. :
DB.prototype._authOrThrow@src/mongo/shell/db.js:1441:20
@(auth):6:1
@(auth):1:2

exception: login failed

donghua@database:~$ mongo -u donghua -p secret --authenticationDatabase admin
MongoDB shell version: 3.2.10
connecting to: test
MongoDB Enterprise > exit
bye
donghua@database:~$



root@database:~# mongo admin -u donghua -p secret --eval "db.runCommand({getParameter: 1, authenticationMechanisms: 1})"
root@database:~# mongo admin --eval "db.auth('donghua', 'secret');db.runCommand({getParameter: 1, authenticationMechanisms: 1})"
root@database:~# mongo -u donghua -p secret --eval "db=db.getSisterDB('admin');db.runCommand({getParameter: 1, authenticationMechanisms: 1})" --authenticationDatabase admin

MongoDB shell version: 3.2.10
connecting to: admin
{
        "authenticationMechanisms" : [
                "MONGODB-CR",
                "MONGODB-X509",
                "SCRAM-SHA-1"
        ],
        "ok" : 1
}