[DOCS-2259] Alow the Monitoring Agent to authenticate to monitored mongods using Kerberos Created: 20/Nov/13  Updated: 11/Jan/17  Resolved: 27/Nov/13

Status: Closed
Project: Documentation
Component/s: None
Affects Version/s: None
Fix Version/s: 01112017-cleanup

Type: Task Priority: Major - P3
Reporter: Cailin Nelson Assignee: Sam Kleinman (Inactive)
Resolution: Done Votes: 0
Labels: mms
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:
Days since reply: 10 years, 11 weeks, 2 days ago

 Description   

Install the prerequisites on the Monitoring Agent server

Install the Linux Kerberos client package

On Debian:

sudo apt-get install krb5-user

On RHEL:

sudo yum install krb5-appl-clients.x86_64

Don't forget to create an /etc/krb5.conf file.

Install Python Kerberos packages

On Debian:

sudo apt-get install python-pip libkrb5-dev build-essential python-dev
sudo pip install pymongo
suod pip install kerberos

On RHEL:

sudo yum install gcc python-devel krb5-devel.x86_64 
sudo pip install pymongo
sudo pip install kerberos

Create a krb5.conf file

Create or configure the /etc/krb5.conf file as necessary for your Kerberos environment.

Verify location of kinit application

Make sure that the kinit application is available at /usr/bin/kinit.

Create the Kerberos principal and MongoDB user

1. Create or choose a Kerberos principal for the Monitoring Agent
2. Generate a keytab for the Kerberos principal and copy it to the Monitoring Agent server. Make sure that the keytab file is owned by the same Linux user that you use to run the Monitoring Agent.
3. Create a mongodb user for that Kerberos principal. Please see documentation on required roles [link to auth doc]
4. Enter the Kerberos principal ID and the full path to the keytab in the settings.py file.



 Comments   
Comment by Githook User [ 02/Dec/13 ]

Author:

{u'username': u'tychoish', u'name': u'Sam Kleinman', u'email': u'samk@10gen.com'}

Message: DOCS-2259: monitoring agents in kerberized environments
Branch: v1.3
https://github.com/10gen/mms-docs/commit/43de5533739cdbc3af03a59b3366995064ff8906

Comment by Githook User [ 27/Nov/13 ]

Author:

{u'username': u'tychoish', u'name': u'Sam Kleinman', u'email': u'samk@10gen.com'}

Message: DOCS-2259: edits to kerberos document
Branch: master
https://github.com/10gen/mms-docs/commit/4e6e6b1bd16c51cc8741f5112b2b1d86ef13101d

Comment by Githook User [ 27/Nov/13 ]

Author:

{u'username': u'tychoish', u'name': u'Sam Kleinman', u'email': u'samk@10gen.com'}

Message: DOCS-2259: monitoring agents in kerberized environments
Branch: master
https://github.com/10gen/mms-docs/commit/85e890d805b4b66284a04836588cfd3a565cee56

Generated at Thu Feb 08 07:43:01 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.