Category: LINUX

2011-04-12 13:44:48

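Enabling user authentication on a MongoDB replica set

To enable user authentication on an ordinary mongod instance, you only need to add --auth when starting mongod. In versions before 1.7.5, user authentication was not supported in replica set mode. The 1.8 release, as I have now found, can enable user authentication in a replica set environment as well, but the steps differ from those for a single instance. A brief introduction follows (author: george.ma, blog: myj.blog.chinaunix.net).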
 

Replica set authentication works a little differently from single-server authentication, so that each member can automatically authenticate itself to the other members of the set.

Authentication for a replica set is set up differently from authentication for a single mongod process.

To set it up:

  1. Create a key file that can be copied to each server in the set. A key file is composed of characters in the Base64 set, plus whitespace and newlines (see About the Key File below for details; sample key files are shown there).
  2. Modify this file's permissions so that it is readable only by the current user (the user that starts mongod).
  3. Start each member of the set with the --keyFile /path/to/file option.
  4. Each client connection to the database must be authenticated before it can be used, as with single-server authentication.

You do not need to add the --auth option as well; --keyFile implies --auth.

Example

If we had a two-member replica set with members a and b, we could start them up with authentication enabled by running:

    a$ echo "this is my super secret key" > mykey
    a$ chmod 600 mykey
    a$ mongod --keyFile mykey # other options...

    b$ echo "this is my super secret key" > mykey
    b$ chmod 600 mykey
    b$ mongod --keyFile mykey # other options...

Then run rs.initiate() and so on.

To convert an existing set, shut down all members and restart them with the --keyFile option.

You can turn off authentication by restarting the set without the --keyFile option.

Using the Database with Replica Set Authentication On

From the client's perspective, authentication works the same way with replica sets as it does with single servers.

For example, suppose you create a new replica set and start the members with --keyFile. Connect to the master locally to add users:

    master$ mongo
    MongoDB shell version: x.y.z
    connecting to: test
    > db.addUser("foo", "bar")

Clients should authenticate as usual when they make connections.

    any-member$ mongo -u foo -p
    MongoDB shell version: x.y.z
    Enter password:

About the Key File

A key file must contain at least 6 Base64 characters and be no larger than 1KB (whitespace included). Whitespace characters are stripped, so the following keys are identical to the database:

    $ echo -e "my secret key" > key1
    $ echo -e "my secret key\n" > key2
    $ echo -e "my secret key" > key3
    $ echo -e "my\r\nsecret\r\nkey\r\n" > key4

If you run mongod with -v, the key will be printed in the log.

Permissions

The key file must grant no permissions to group or others (for example, mode 600, as in the example above). At the moment, mongod does not check these permissions on Windows.
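
The key file rules in the two sections above can be checked before the file is copied to the set members. The script below is an added example, not part of the original post or of MongoDB; the function names are hypothetical, and it assumes the Base64 set is A-Z, a-z, 0-9, + and / plus = padding, with space, tab, CR and LF treated as whitespace.

```shell
#!/bin/sh
# Added example: pre-flight check of a replica set key file against the
# rules on this page. Function names are hypothetical.

# Print the key with whitespace removed (assumed: space, tab, CR, LF).
normalize_key() {
    tr -d ' \t\r\n' < "$1"
}

# Return 0 if the file meets the stated rules; otherwise print the reason
# to stderr and return 1.
check_keyfile() {
    f=$1
    [ -f "$f" ] || { echo "$f: not a regular file" >&2; return 1; }

    # No larger than 1KB, whitespace included.
    size=$(($(wc -c < "$f")))
    [ "$size" -le 1024 ] || { echo "$f: larger than 1KB ($size bytes)" >&2; return 1; }

    # Only Base64 characters may remain once whitespace is stripped
    # (assumed alphabet: A-Z a-z 0-9 + / and = padding).
    key=$(normalize_key "$f")
    case $key in
        *[!A-Za-z0-9+/=]*) echo "$f: non-Base64 character in key" >&2; return 1 ;;
    esac
    [ "${#key}" -ge 6 ] || { echo "$f: fewer than 6 Base64 characters" >&2; return 1; }

    # Group and everyone must have 0 permissions: columns 5-10 of the
    # ls mode string (e.g. -rw-------) must all be '-'.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "$f: group/other access ($perms)" >&2; return 1; }
    return 0
}

# Return 0 if two files hold the same key once whitespace is stripped,
# e.g. copies edited on different hosts or saved with CRLF line endings.
same_key() {
    [ "$(normalize_key "$1")" = "$(normalize_key "$2")" ]
}

# Stand-alone use: sh check_keyfile.sh /path/to/keyfile
if [ "$#" -gt 0 ]; then
    check_keyfile "$1" && echo "$1: OK"
fi
```

Running same_key on the copies held by two members confirms they carry the same key without printing the key itself.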

