CIS MongoDB 3.4 L1 Unix V1.0.0

Ensure authentication is enabled in the sharded cluster

Details

Authentication is enabled in a sharded cluster when keyfiles are created and configured for all components. This ensures that every client that accesses the cluster must provide credentials, including MongoDB instances that access each other within the cluster.

Rationale:

Enforcing a key on a sharded cluster prevents unauthorized access to the MongoDB database and provides traceability of database activities to a specific user or component.

Solution

To enable authentication in the sharded cluster, perform the following steps:

Generate A Key File

On each component in the sharded cluster, enable authentication by doing one of the following:

o In the configuration file /etc/mongod.conf, set the keyFile option to the key file's path, as in the following line, and then start the component:

keyFile = /srv/mongodb/keyfile

o When starting the component, set the --keyFile option, which is available for both mongos instances and mongod instances, to the key file's path.
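An added example (not from the benchmark text) covering both steps above: it creates a key file with owner-only permissions and audits a component's configuration file for a usable keyFile setting. The `openssl rand -base64 756` generation command and the rule that the key file must carry no group or world permissions come from MongoDB's documentation rather than this page; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: generate a cluster key file and audit a component's config.

# Create a key file readable only by its owner. 756 random bytes encode to
# 1008 base64 characters, inside MongoDB's 6-1024 character key length limit.
make_keyfile() {
    ( umask 077 && openssl rand -base64 756 > "$1" ) && chmod 400 "$1"
}

# Print the keyFile path set in a mongod/mongos configuration file.
# Handles the legacy "keyFile = /path" form and the YAML "keyFile: /path"
# form; commented-out settings do not match. Quoted YAML values are not handled.
keyfile_path() {
    sed -n 's/^[[:space:]]*keyFile[[:space:]]*[=:][[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' | head -n 1
}

# Return 0 only if the config names a key file that exists, is non-empty,
# and grants nothing to group or others.
check_keyfile_auth() {
    conf=$1
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 1; }
    kf=$(keyfile_path "$conf")
    [ -n "$kf" ] || { echo "FAIL: keyFile not set in $conf"; return 1; }
    [ -s "$kf" ] || { echo "FAIL: key file $kf is missing or empty"; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$kf" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "FAIL: $kf is group/world accessible"; return 1; }
    echo "PASS: $conf uses key file $kf"
}

# Usage: sh check_keyfile.sh /etc/mongod.conf
if [ $# -gt 0 ]; then
    check_keyfile_auth "$1"
fi
```

Run the check on every mongod, mongos and config server host; the same key file contents must be deployed to each of them.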

Default Value:

Not configured

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication. This control applies to the following type of system: Unix.

Updated on July 16, 2022