Hunk App for MongoDB: Is mongodb's MONGODB-SCRAM-S...

richarddicaire · ‎06-14-2016

Using MONGODB-CR auth fails with mongodb 3.x since 3.x doesn't default to CR.

Hunk 3.4.1, Hunk App for MongoDB 1.0.4, mongodb 3.2.1

mongod.log:

2016-06-14T19:19:45.753-0400 I ACCESS   [conn91547]  authenticate db: somedb { authenticate: 1, user: "someuser", nonce: "xxx", key: "xxx" }
2016-06-14T19:19:45.753-0400 I ACCESS   [conn91547] Failed to authenticate someuser@somedb with mechanism MONGODB-CR: AuthenticationFailed MONGODB-CR credentials missing in the user document

Inspect job:

06-14-2016 16:19:45.761 ERROR ERP.local-mongodb -  MongoDBERP - Exception while executing search process.
06-14-2016 16:19:45.761 ERROR ERP.local-mongodb -  com.mongodb.CommandFailureException: { "serverUsed" : "someserver:27017" , "ok" : 0.0 , "errmsg" : "auth failed" , "code" : 18}

rdagan_splunk · ‎06-15-2016

Looking at the App documentation I can see that MongoDB App allows to specify 4 types of authentication mechanism

vix.mongodb.auth.mechanism = X509
vix.mongodb.auth.username = [username]

vix.mongodb.auth.mechanism = Kerberos
vix.mongodb.auth.username = [username]

vix.mongodb.auth.mechanism = CR
vix.mongodb.auth.username = [username]
vix.mongodb.auth.password = [password as plain text]

vix.mongodb.auth.mechanism = Plain
vix.mongodb.auth.username = [username]
vix.mongodb.auth.source = [source]

The value for 'vix.mongodb.auth.mechanism' is case-insensitive.

Hunk App for MongoDB: Is mongodb's MONGODB-SCRAM-SHA-1 auth supported?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases