Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-1796

Update the MMS OnPrem Authentication Configuration section

    XMLWordPrintableJSON

Details

    • Icon: Task Task
    • Resolution: Done
    • Icon: Major - P3 Major - P3
    • 01112017-cleanup
    • None
    • None
    • None

    Description

      NOTE: Please make this change in both "master" and the "1.2" branch.

      Currently, this section says:

      --------
      Unfortunately, this does require the plaintext credentials be in the clear, however following standard practice you may reduce the permissions of the configuration file:
      --------------

      that's no longer true.

      It is now possible to encrypt the authentication credentials as follows:

      cd <install_dir>
      bin/credentialstool --username USERNAME --password
      <enter the password>
      <see output which contains encrypted credential pair>

      Please copy this credential pair into the MongoURI connection strings of
      your [install-dir]/conf/conf-mms.properties where needed. Additionally,
      for each MongoURI connection string using encrypted credentials, please
      add the following configuration option which will indicate to MMS that
      the credentials are set as encrypted tokens:

      mongo.[database-name-here].encryptedCredentials=true

      E.g.,
      mongo.mmsdb.mongoUri=mongodb://ENCRYPTEDUSERNAME:ENCRYPTEDPASSWORD@127.0.0.1:27017/?maxPoolSize=60&connectTimeoutMS=10000&socketTimeoutMS=10000&waitQueueTimeoutMS=10000
      mongo.mmsdb.encryptedCredentials=true

      Please also be sure to adjust the following two properties:

      distributed.lock.mongoUri
      app.mongoUri.systemRrd1

      and add

      distributed.lock.encryptedCredentials=true
      app.encryptedCredentials=true

      Attachments

        Activity

          People

            allison.moore@mongodb.com Allison Reinheimer Moore
            cailin.nelson@mongodb.com Cailin Nelson
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:
              10 years, 26 weeks, 6 days ago