[DOCS-7457] Comment on: "manual/tutorial/enable-authentication.txt" Created: 17/Mar/16 Updated: 11/Jan/17 Resolved: 20/Sep/16 |
|
| Status: | Closed |
| Project: | Documentation |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 01112017-cleanup |
| Type: | Bug | Priority: | Trivial - P5 |
| Reporter: | Docs Collector User (Inactive) | Assignee: | Ravind Kumar (Inactive) |
| Resolution: | Done | Votes: | 0 |
| Labels: | collector-298ba4e7 | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Location: https://docs.mongodb.org/manual/tutorial/enable-authentication/ |
||
| Participants: | |
| Days since reply: | 7 years, 47 weeks, 6 days ago |
| Story Points: | 0.25 |
| Description |
|
My question is: For replica sets does --auth propogate? Can it be run on a secondary ? |
| Comments |
| Comment by Ravind Kumar (Inactive) [ 17/Mar/16 ] |
|
"Hello, The --auth parameter does not propogate. For authentication to work on a replica set, you need to start each member of the replica set with the --auth parameter. When you create users, you must create them on the primary member of the replica set using a localhost exception. This means running a mongo shell from the same physical machine as the target mongod process. Once users are created on the primary, they propagate to other members in the replica set. So users as configured on the primary propagate to the remaining members of the replica set, but --auth does not. If you are looking into security for replica sets, we strongly encourage also exploring internal authentication via keyfile or x.509 certificates. Internal Authentication secures communication between members of a replica set or sharded cluster, and enforcing internal authentication also enforces user access control. We have updated security documentation in the pipeline that provides better documentation of security in replica sets and sharded clusters. Consider following DOCS-6963 for updates. " |