Configuring MongoDB authentication
You can configure the wire listener to use MongoDB authentication.
Before you begin
If you are upgrading your MongoDB version and you have existing MongoDB users, you must upgrade your user schema.
Procedure
To configure MongoDB
authentication:
-
Set the following parameters in the wire listener configuration file:
- Enable authentication: Set authentication.enable=true.
- Specify MongoDB authentication: Set db.authentication=mongodb-cr.
- Set the MongoDB version: Set mongo.api.version to the version that you want.
- Optional. Specify the authentication timeout period: Set the listener.authentication.timeout parameter to the number of milliseconds for authentication timeout.
- Restart the wire listener.
-
If necessary, upgrade your user schema by running the authSchemaUpgrade
command in the admin database.
For example:
use admin db.runCommand({authSchemUpgrade : 1})
The authSchemaUpgrade command upgrades the user schema to the MongoDB version that is specified by the mongo.api.version parameter.
Adding users
Procedure
To add authorized users:
- Start the wire listener with authentication turned off: Set authentication.enable=false in the wire listener configuration file.
-
Add users:
- For MongoDB version 2.4, run the addUser command for each user in each database.
- For MongoDB version 2.6 and 3.0, run the createUser command for each user.
- Turn on authentication: Set authentication.enable=true in the wire listener configuration file.
- Restart the wire listener.