[SERVER-24402] Auth-Enabled mongo conf, not working with MONGODB-CR Authentication Created: 03/Jun/16 Updated: 14/Jul/16 Resolved: 10/Jun/16 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Admin, Security |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Question | Priority: | Major - P3 |
| Reporter: | tilak mishra | Assignee: | Kelsey Schubert |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Participants: | |||||
| Description |
|
We are using Mongo 3.0.3. As our client .Net driver doesn't support SCRAM-SHA-1 type authentication, had to downgrade the security to MONGODB-CR. The replicaset successfully connects to client and communication takes place. Below are the proofs:
Recently we implemented Auth-Enabled feature in our Mongod.conf file, since then after restarting Replica set, seeing the below error.
Used OpenSSL method to generate the keyfile. It's stored with 600 permission in a place where the user running mongod has access. I have been searching for the solution to this problem, however none is related to my case. what feels me nervous is - in Mongodb documentation it says "Keyfiles use SCRAM-SHA-1 challenge and response authentication mechanism. " so, if the Keyfiles uses SCRAM-SHA-1 challenge and response, how it's going to work in this case as i have already lowered the authentication mechanism to MONGODB-CR because of the client driver? And what would be the solution to this problem. Please help. Thank you,. |
| Comments |
| Comment by Ramon Fernandez Marina [ 15/Jun/16 ] |
|
tilakmishra, unfortunately we're not able to provide support in this project. Please post on the mongodb-user group as suggested by Thomas for all MongoDB support-related questions. Thanks, |
| Comment by tilak mishra [ 15/Jun/16 ] |
|
Thanks Thomas for giving guidance. I tried again, after regenerating the key file using these commands: And then, added below entries to mongod.conf file. However not sure what's going wrong , i am getting this error when trying to start mongod using security.. Can you please help and guide? I am really in a very awkward situation, in 3 non environments it worked, dont know why its failing in Prod. |
| Comment by Kelsey Schubert [ 10/Jun/16 ] |
|
Hi tilakmishra, It is expected that, even when using the MONGODB-CR authentication mechanism, drivers and clients that support MongoDB 3.0 features will use the SCRAM communication protocol. This behavior is not cause for worry as the client drivers that do not support SCRAM should still be able to authenticate using MONGODB-CR when you downgrade. The error message you are observing suggests that the credentials are incorrect or misconfigured in some way. Please note that SERVER project is for reporting bugs or feature suggestions for the MongoDB server. I see that you have already posted on the mongodb-users group and Stack Overflow with the mongodb tag with the same question. These are the best places to receive MongoDB-related support as your question will reach a wider audience. See also our Technical Support page for additional support resources. Kind regards, |
| Comment by tilak mishra [ 10/Jun/16 ] |
|
Any solution please? |