I just tested this with a fresh Debian 7 install, and a fresh install of MongoDB. I added a user (adam) first, then edited the /etc/mongod.conf file to uncomment the auth = true line. I then issued the service mongod restart command and attempted to log in as the user, and succeeded - I also tried incorrect credentials and failed. Hence, authentication seems to be working just fine, there were no obvious problems using the config file to specify authentication is enabled.
So, a couple of questions:
- How are you testing that authentication is enabled?
- Do you perhaps have more than one line in your config file that ontains auth/noauth statements?
For reference, here's most of my testing with the feedback from the shell etc.
First, the install and setting up the initial user:
root@deb7:~# apt-get install mongodb-org Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: mongodb-org-mongos mongodb-org-server mongodb-org-shell mongodb-org-tools The following NEW packages will be installed: mongodb-org mongodb-org-mongos mongodb-org-server mongodb-org-shell mongodb-org-tools 0 upgraded, 5 newly installed, 0 to remove and 20 not upgraded. Need to get 114 MB of archives. After this operation, 287 MB of additional disk space will be used. Do you want to continue [Y/n]? ** SNIP for brevity** Setting up mongodb-org-shell (2.6.1) ... Setting up mongodb-org-server (2.6.1) ... Adding system user `mongodb' (UID 104) ... Adding new user `mongodb' (UID 104) with group `nogroup' ... Not creating home directory `/home/mongodb'. Adding group `mongodb' (GID 107) ... Done. Adding user `mongodb' to group `mongodb' ... Adding user mongodb to group mongodb Done. [ ok ] Starting database: mongod. Setting up mongodb-org-mongos (2.6.1) ... Setting up mongodb-org-tools (2.6.1) ... Setting up mongodb-org (2.6.1) ... root@deb7:~# mongo MongoDB shell version: 2.6.1 connecting to: test Welcome to the MongoDB shell. For interactive help, type "help". For more comprehensive documentation, see http://docs.mongodb.org/ Questions? Try the support group http://groups.google.com/group/mongodb-user > use admin switched to db admin > db.createUser( ... { ... user: "adam", ... pwd: "password123", ... roles: ... [ ... { ... role: "userAdminAnyDatabase", ... db: "admin" ... } ... ] ... } ... ) Successfully added user: { "user" : "adam", "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] }
Next up I edited the /etc/mongod.conf file and removed the # that commented out auth = true (I made no other changes). I saved that file and then restarted the service. Next I connected with the user I had added and verified that I had the right provileges:
root@deb7:~# vim /etc/mongod.conf root@deb7:~# service mongod restart [ ok ] Restarting database: mongod. root@deb7:~# mongo -u adam -p password123 --authenticationDatabase admin MongoDB shell version: 2.6.1 connecting to: test Error while trying to show server startup warnings: not authorized on admin to execute command { getLog: "startupWarnings" }
As you can see, the user I added does not have the privileges to look at the startup warnings, but just to be sure, I checked the privileges:
> use admin switched to db admin > db.runCommand( { usersInfo:"adam", showPrivileges:true } ) { "users" : [ { "_id" : "admin.adam", "user" : "adam", "db" : "admin", "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ], "inheritedRoles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ], "inheritedPrivileges" : [ { "resource" : { "db" : "", "collection" : "" }, "actions" : [ "changeCustomData", "changePassword", "createRole", "createUser", "dropRole", "dropUser", "grantRole", "revokeRole", "viewRole", "viewUser" ] }, { "resource" : { "cluster" : true }, "actions" : [ "authSchemaUpgrade", "invalidateUserCache", "listDatabases" ] }, { "resource" : { "db" : "", "collection" : "system.users" }, "actions" : [ "collStats", "dbHash", "dbStats", "find", "killCursors", "planCacheRead" ] }, { "resource" : { "db" : "admin", "collection" : "system.users" }, "actions" : [ "collStats", "dbHash", "dbStats", "find", "killCursors", "planCacheRead" ] }, { "resource" : { "db" : "admin", "collection" : "system.roles" }, "actions" : [ "collStats", "dbHash", "dbStats", "find", "killCursors", "planCacheRead" ] }, { "resource" : { "db" : "admin", "collection" : "system.version" }, "actions" : [ "collStats", "dbHash", "dbStats", "find", "killCursors", "planCacheRead" ] }, { "resource" : { "db" : "admin", "collection" : "system.new_users" }, "actions" : [ "collStats", "dbHash", "dbStats", "find", "killCursors", "planCacheRead" ] }, { "resource" : { "db" : "admin", "collection" : "system.backup_users" }, "actions" : [ "collStats", "dbHash", "dbStats", "find", "killCursors", "planCacheRead" ] } ] } ], "ok" : 1 }
Just for completeness, here's an auth failure:
root@deb7:~# mongo -u root -p 12345678 --authenticationDatabase admin MongoDB shell version: 2.6.1 connecting to: test 2014-05-11T18:04:39.793+0100 Error: 18 { ok: 0.0, errmsg: "auth failed", code: 18 } at src/mongo/shell/db.js:1210 exception: login failed
