-
Notifications
You must be signed in to change notification settings - Fork 1.7k
/
authentication.txt
80 lines (56 loc) · 2.41 KB
/
authentication.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
.. _authentication:
==============
Authentication
==============
.. default-domain:: mongodb
.. contents:: On this page
:local:
:backlinks: none
:depth: 1
:class: singlecol
Authentication is the process of verifying the identity of a client. When
access control, i.e. :doc:`authorization </core/authorization>`, is enabled,
MongoDB requires all clients to authenticate themselves in order to determine
their access.
Although authentication and :doc:`authorization </core/authorization>` are
closely connected, authentication is distinct from authorization.
Authentication verifies the identity of a user; authorization determines the
verified user's access to resources and operations.
Authentication Methods
----------------------
.. include:: /includes/fact-authenticate.rst
Authentication Mechanisms
-------------------------
MongoDB supports a number of :ref:`authentication mechanisms
<security-authentication-mechanisms>` that clients can use to verify
their identity. These mechanisms allow MongoDB to integrate into your
existing authentication system.
MongoDB supports multiple authentication mechanisms:
- :ref:`authentication-scram` (Default)
- :ref:`MongoDB Challenge and Response (MONGODB-CR)
<authentication-mongodb-cr>`
- :ref:`x.509 Certificate Authentication <security-auth-x509>`.
In addition to supporting the aforementioned mechanisms, MongoDB Enterprise
also supports the following mechanisms:
- :ref:`LDAP proxy authentication <security-auth-ldap>`, and
- :ref:`Kerberos authentication <security-auth-kerberos>`.
Internal Authentication
-----------------------
In addition to verifying the identity of a client, MongoDB can require
members of replica sets and sharded clusters to :ref:`authenticate
their membership <inter-process-auth>` to their respective
replica set or sharded cluster. See :ref:`inter-process-auth`
for more information.
Authentication on Sharded Clusters
----------------------------------
In sharded clusters, clients generally authenticate directly to the
:binary:`~bin.mongos` instances. However, some maintenance operations may require
authenticating directly to a specific shard. For more information on
authentication and sharded clusters, see :ref:`sharding-security`.
.. class:: hidden
.. toctree::
:titlesonly:
/core/security-users
/core/authentication-mechanisms
/core/authentication-mechanisms-enterprise
/core/security-internal-authentication