Details
Using one or more industry-standard authentication mechanisms (such as x.509 client certificates or Kerberos) lets an organization apply its existing account and password policies to its MongoDB users instead of maintaining a separate set of database credentials.
Rationale:
Without an industry-standard authentication mechanism in place, MongoDB accounts and passwords are managed separately from the organization's identity infrastructure. That makes account management more tedious and means password complexity, expiry, lockout and offboarding rules cannot be enforced centrally, so authentication may drift out of line with the organization's policies.
Solution
To implement an industry-standard authentication mechanism, use the corresponding sample from the list below as a model for specifying the authentication mechanism in the MongoDB configuration file (mongod.conf, in YAML format; indentation is significant).
x.509 Certificates for Client Authentication:
  security:
    clusterAuthMode: x509
  net:
    ssl:
      mode: requireSSL
      PEMKeyFile:
Set PEMKeyFile to the server's own certificate and private key. Note that clusterAuthMode: x509 governs authentication between replica set and sharded cluster members; for clients to authenticate with certificates, net.ssl.CAFile must also name the CA that issued the client certificates, and each client certificate's subject must be created as a user in the $external database. From MongoDB 4.2 on, the same options are also available under net.tls (mode: requireTLS).
MongoDB with Kerberos Authentication on Linux:
  security:
    authorization: enabled
  setParameter:
    authenticationMechanisms: GSSAPI
  storage:
    dbPath: /opt/mongodb/data
Kerberos (GSSAPI) authentication is a MongoDB Enterprise feature. Restricting authenticationMechanisms to GSSAPI disables the built-in SCRAM mechanisms, which otherwise remain enabled by default. The service principal and keytab are set up outside the configuration file (mongod locates the keytab through the KRB5_KTNAME environment variable), and each Kerberos principal is then created as a user in the $external database.
See the reference section for a link to a detailed procedure for establishing the Kerberos service principal and keytab file.
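The configuration samples above are only half of the control; the other half is checking what a running mongod actually enforces, since mechanisms left at their defaults do not show up in the config file. The following audit script is an added example, not part of the benchmark text: it evaluates the documents returned by the admin commands getCmdLineOpts and getParameter against this control. The sample inputs are constructed so the script runs offline under node, and the set of mechanisms it treats as "industry standard" (GSSAPI, MONGODB-X509 and SASL PLAIN as used by LDAP proxy authentication) is this example's own assumption.

```javascript
// Added example (not part of the benchmark text): audit a mongod's effective
// authentication settings against this control. Inputs are the documents
// returned by the admin commands getCmdLineOpts and getParameter; the samples
// at the bottom are constructed so the check runs offline under node. Which
// mechanisms count as "industry standard" is this example's own assumption.

// Mechanisms backed by an external identity source: Kerberos, x.509 and SASL
// PLAIN, which MongoDB uses for LDAP proxy authentication. PLAIN carries the
// password, so the audit only accepts it when TLS is mandatory.
const STANDARD_MECHANISMS = new Set(["GSSAPI", "MONGODB-X509", "PLAIN"]);

// authenticationMechanisms is a comma-separated string in the config file and
// an array in getParameter output; accept both shapes.
function asList(value) {
  if (Array.isArray(value)) return value.map(String);
  if (typeof value === "string") {
    return value.split(",").map((s) => s.trim()).filter(Boolean);
  }
  return [];
}

// TLS options live under net.ssl (the naming used on this page) or, from
// MongoDB 4.2 on, under net.tls; either spelling is read here.
function tlsSettings(parsed) {
  const net = parsed.net || {};
  const tls = net.tls || net.ssl || {};
  return {
    mode: tls.mode,
    required: tls.mode === "requireSSL" || tls.mode === "requireTLS",
    caFile: tls.CAFile,
  };
}

function auditAuthentication(cmdLineOpts, params) {
  const findings = [];
  const parsed = (cmdLineOpts && cmdLineOpts.parsed) || {};
  const security = parsed.security || {};

  if (security.authorization !== "enabled") {
    findings.push("security.authorization is not 'enabled'");
  }

  // Use the effective value from getParameter rather than the config file:
  // it includes the SCRAM defaults that stay active when nothing is set.
  const mechanisms = asList(params && params.authenticationMechanisms);
  if (mechanisms.length === 0) {
    findings.push("authenticationMechanisms could not be determined");
  }
  const nonStandard = mechanisms.filter((m) => !STANDARD_MECHANISMS.has(m));
  if (nonStandard.length > 0) {
    findings.push(`non-standard mechanisms still enabled: ${nonStandard.join(", ")}`);
  }

  const usesX509 = mechanisms.includes("MONGODB-X509") || security.clusterAuthMode === "x509";
  const tls = tlsSettings(parsed);
  if ((usesX509 || mechanisms.includes("PLAIN")) && !tls.required) {
    findings.push(`TLS mode is '${tls.mode || "unset"}'; x.509 and PLAIN need requireSSL/requireTLS`);
  }
  if (usesX509 && !tls.caFile) {
    findings.push("CAFile is not set, so client certificates cannot be validated");
  }

  return { compliant: findings.length === 0, mechanisms, findings };
}

// Constructed sample: the Kerberos configuration from this page as mongod
// reports it, plus the effective parameter value.
const kerberosOpts = {
  argv: ["mongod", "--config", "/etc/mongod.conf"],
  parsed: {
    security: { authorization: "enabled" },
    setParameter: { authenticationMechanisms: "GSSAPI" },
    storage: { dbPath: "/opt/mongodb/data" },
  },
  ok: 1,
};
const kerberosParams = { authenticationMechanisms: ["GSSAPI"], ok: 1 };

// Constructed sample: an untouched installation, where authorization is off
// and the SCRAM defaults remain enabled alongside MONGODB-X509.
const defaultOpts = { argv: ["mongod"], parsed: {}, ok: 1 };
const defaultParams = {
  authenticationMechanisms: ["MONGODB-X509", "SCRAM-SHA-1", "SCRAM-SHA-256"],
  ok: 1,
};

if (typeof module !== "undefined" && require.main === module) {
  console.log(JSON.stringify(auditAuthentication(kerberosOpts, kerberosParams), null, 2));
  console.log(JSON.stringify(auditAuthentication(defaultOpts, defaultParams), null, 2));
}
```

Against a live server, load the functions in the mongo shell and call auditAuthentication(db.adminCommand({getCmdLineOpts: 1}), db.adminCommand({getParameter: 1, authenticationMechanisms: 1})) as a user with the clusterMonitor role. The untouched-installation sample fails on four points (authorization off, SCRAM still enabled, TLS not required, no CAFile), which is exactly the state a default package install leaves behind.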
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication. This control applies to the following type of system: Unix.