Documentation changes for MMS OnPrem 1.3 (DOCS-2087)

[DOCS-2556] OnPrem1.3: Document kerberos support for Kerberos auth between MMS web server and backing MongoDB Created: 18/Jan/14  Updated: 02/Sep/14  Resolved: 26/Feb/14

Status: Closed
Project: Documentation
Component/s: Cloud Manager
Affects Version/s: None
Fix Version/s: v1.3.1

Type: Sub-task Priority: Critical - P2
Reporter: Cailin Nelson Assignee: Tim Slavin
Resolution: Done Votes: 0
Labels: sprint-rollover
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:
Days since reply: 10 years, 4 weeks, 4 days ago

 Description   

MMS OnPrem1.3 supports Kerberos authentication between the MMS web server and its backing MongoDB. This is documented within the configuration file, but not in our formal docs.

This should go in the Authentication section of the following page:

https://mms.mongodb.com/help-hosted/v1.3/monitoring/tutorial/install-monitoring-server/



 Comments   
Comment by Cailin Nelson [ 18/Jan/14 ]

Here's what's in the conf file:

# #####################################
# Kerberos Module (optional)
#
# jvm.java.security.krb5.kdc: This should be the IP/FQDN of the KDC server. The value will be set to JVM's
# java.security.krb5.kdc.
#
# jvm.java.security.krb5.realm: This is the default REALM for Kerberos. It is being used for JVM's
# java.security.krb5.realm.
#
# mms.kerberos.principal: The principal we used to authenticate with MongoDB. This should be the exact same user
# on the mongoUri above.
#
# mms.kerberos.keyTab: The absolute path to the keytab file for the principal.
#
# mms.kerberos.debug: The debug flag to output more information on Kerberos authentication process.
#
# Please note, all the parameters are required for Kerberos authentication, except mms.kerberos.debug. The mechanism
# will not be functioning if any of the setting value is missing.
#
# Assume your kdc server FQDN is kdc.example.com, your Kerberos default realm is: EXAMPLE.COM,
# the host running MMS app is mmsweb.example.com, the Kerberos for MMS is mms/mmsweb.example.com@EXAMPLE.com,
# And you have a keytab file for mms/mmsweb.example.com@EXAMPLE.COM located at /path/to/mms.keytab, then the
# configurations would be:
#       jvm.java.security.krb5.kdc=kdc.example.com
#       jvm.java.security.krb5.realm=EXAMPLE.COM
#       mms.kerberos.principal=mms/mmsweb.example.com@EXAMPLE.COM
#       mms.kerberos.keyTab=/path/to/mms.keytab
#       mms.kerberos.debug=false
#
# ####################################
#jvm.java.security.krb5.kdc=
#jvm.java.security.krb5.realm=
#mms.kerberos.principal=
#mms.kerberos.keyTab=
#mms.kerberos.debug=

Generated at Thu Feb 08 07:43:43 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.