[DOCS-1796] Update the MMS OnPrem Authentication Configuration section Created: 10/Aug/13  Updated: 11/Jan/17  Resolved: 15/Aug/13

Status: Closed
Project: Documentation
Component/s: None
Affects Version/s: None
Fix Version/s: 01112017-cleanup

Type: Task Priority: Major - P3
Reporter: Cailin Nelson Assignee: Allison Reinheimer Moore
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Participants:
Days since reply: 10 years, 26 weeks, 6 days ago

 Description   

NOTE: Please make this change in both "master" and the "1.2" branch.

Currently, this section says:

--------
Unfortunately, this does require the plaintext credentials be in the clear, however following standard practice you may reduce the permissions of the configuration file:
--------------

that's no longer true.

It is now possible to encrypt the authentication credentials as follows:

cd <install_dir>
bin/credentialstool --username USERNAME --password
<enter the password>
<see output which contains encrypted credential pair>

Please copy this credential pair into the MongoURI connection strings of
your [install-dir]/conf/conf-mms.properties where needed. Additionally,
for each MongoURI connection string using encrypted credentials, please
add the following configuration option which will indicate to MMS that
the credentials are set as encrypted tokens:

mongo.[database-name-here].encryptedCredentials=true

E.g.,
mongo.mmsdb.mongoUri=mongodb://ENCRYPTEDUSERNAME:ENCRYPTEDPASSWORD@127.0.0.1:27017/?maxPoolSize=60&connectTimeoutMS=10000&socketTimeoutMS=10000&waitQueueTimeoutMS=10000
mongo.mmsdb.encryptedCredentials=true

Please also be sure to adjust the following two properties:

distributed.lock.mongoUri
app.mongoUri.systemRrd1

and add

distributed.lock.encryptedCredentials=true
app.encryptedCredentials=true



 Comments   
Comment by auto [ 15/Aug/13 ]

Author:

{u'username': u'schmalliso', u'name': u'schmalliso', u'email': u'allison.moore@10gen.com'}

Message: DOCS-1796: update on-prem authentication configuration with new encryption functionality
Branch: master
https://github.com/10gen/mms-docs/commit/a2fcad22a2a73d55c034d12f4a3669e345901365

Generated at Thu Feb 08 07:41:55 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.