[SERVER-4528] Will enabling auth=true in the config change behaviour prior to creating users? Created: 19/Dec/11  Updated: 11/Jul/16  Resolved: 22/Dec/11

Status: Closed
Project: Core Server
Component/s: Replication, Security
Affects Version/s: None
Fix Version/s: None

Type: Question Priority: Major - P3
Reporter: Neil Levine Assignee: Marc Bastien
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:

 Description   

Hopefully the subject is descriptive. I want to enable auth in the config file but our Puppet system will deploy the file to some machines which won't have any user/pass details on them. Will this break anything?



 Comments   
Comment by Marc Bastien [ 22/Dec/11 ]

My pleasure. Glad I was able to help!

Comment by Neil Levine [ 22/Dec/11 ]

Ok, thanks. You can close the ticket.

Comment by Marc Bastien [ 22/Dec/11 ]

You are correct on both counts.

If mongod is started with auth=true, but no credentials set up, no client will be able to connect. However, if there are no admin users configured, one may access the admin database from the localhost interface without authenticating, so that an administrative user may be configured.

As for your second question, Admin users' credentials are stored in the admin database, and those users can access any other database. Other user's credentials are stored in each database, and those users can only access the database(s) that contain their credentials.

More information on authentication can be found in the Mongo Documentation titled "Security and Authentication"

http://www.mongodb.org/display/DOCS/Security+and+Authentication

Comment by Neil Levine [ 21/Dec/11 ]

I have one server which I want to use auth with and another which I don't. THey
currently use the same mongo conf file (distributed by puppet). I wanted to
check what happens if I set Auth=True for both servers but don't set up any
credentials on one of them. After testing, it appears that this breaks things
ie. you have to have creds installed if the auth is set to true. Can you
confirm this is correct behaviour?

My second question is that it looks like the auth creds for a specific database
have to be stored in the database itself, as opposed to the admin database. Is
that right?

Comment by Neil Levine [ 21/Dec/11 ]

On Tue, Dec 20, 2011 at 04:18:48AM +0000, Eliot Horowitz (JIRA) said:

I have one server which I want to use auth with and another which I don't. THey
currently use the same mongo conf file (distributed by puppet). I wanted to
check what happens if I set Auth=True for both servers but don't set up any
credentials on one of them. After testing, it appears that this breaks things
ie. you have to have creds installed if the auth is set to true. Can you
confirm this is correct behaviour?

My second question is that it looks like the auth creds for a specific database
have to be stored in the database itself, as opposed to the admin database. Is
that right?

Thanks,

Neil

Comment by Eliot Horowitz (Inactive) [ 20/Dec/11 ]

What is the overall config?
If you require auth and setup users, but some clients don't have the user/pass, then things will break.

Generated at Thu Feb 08 03:06:15 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.