官术网_书友最值得收藏!

Kerberos authentication

MongoDB Enterprise Edition also offers Kerberos authentication. Kerberos, named after the character Kerberos (or Cerberus) from Greek mythology, the ferocious three-headed guard dog of the underworld, Hades, focuses on mutual authentication between client-server protecting against eavesdropping and replay attacks.

Kerberos is widely used in Windows systems, through integration with Microsoft's Active Directory. To install Kerberos, we need to start mongod without Kerberos set up and then connect to the $external database (not the admin that we normally use for admin authorization) and create a user with a Kerberos role and permissions:

use $external
db.createUser(
{
user: "mongo_book_user@packt.net",
roles: [ { role: "read", db: "mongo_book" } ]
}
)

In the preceding example, we are authorizing the mongo_book_user@packt.net user to read our  mongo_book  database, just like we would do with a user using our admin system.

After that, we need to start our server with Kerberos support by passing in the authenticationMechanisms parameter:

--setParameter authenticationMechanisms=GSSAPI

And now we can connect from our server or command line:

$ mongo.exe --host <mongoserver> --authenticationMechanism=GSSAPI --authenticationDatabase='$external' --username mongo_book_user@packt.net
主站蜘蛛池模板: 日照市| 云和县| 简阳市| 韶关市| 永新县| 宁陕县| 郸城县| 屏边| 东莞市| 宝坻区| 岳阳市| 石景山区| 囊谦县| 广饶县| 特克斯县| 剑阁县| 佛学| 北宁市| 上犹县| 沈丘县| 焦作市| 延吉市| 临颍县| 浪卡子县| 高碑店市| 蒙城县| 荥阳市| 桂平市| 潼关县| 伊通| 黔南| 临潭县| 石屏县| 金昌市| 舟曲县| 武平县| 黔西县| 新蔡县| 疏附县| 虞城县| 锡林浩特市|