Enterprise Authentication Mechanisms¶
On this page
In addition to the authentication mechanisms offered, MongoDB Enterprise provides integration with the following authentication mechanisms.
Kerberos Authentication¶
MongoDB Enterprise supports authentication using a Kerberos service. Kerberos is an industry standard authentication protocol for large client/server systems.
To use MongoDB with Kerberos, you must have a properly configured Kerberos deployment, configured Kerberos service principals for MongoDB, and added Kerberos user principal to MongoDB.
For more information on Kerberos and MongoDB, see:
LDAP Proxy Authentication¶
MongoDB Enterprise supports proxy authentication through a Lightweight Directory Access Protocol (LDAP) service.
在 3.4 版更改: MongoDB 3.4 supports using operating system libraries instead of the saslauthd daemon, allowing MongoDB 3.4 servers running on Linux and Microsoft Windows to connect to LDAP servers. Linux MongoDB deployments continue to support saslauthd.
Previous versions of MongoDB support authentication against an LDAP server using simple and SASL binding via saslauthd. This restricted LDAP authentication support to only Linux MongoDB deployments.
See LDAP Proxy Authentication for more information.
LDAP Authorization¶
3.4 新版功能.
MongoDB Enterprise supports querying an LDAP server for the LDAP groups the authenticated user is a member of. MongoDB maps the Distinguished Names (DN) of each returned group to roles on the admin database. MongoDB authorizes the user based on the mapped roles and their associated privileges. See LDAP Authorization for more information.