On this page本页内容
Authentication is the process of verifying the identity of a client.身份验证是验证客户端身份的过程。When access control, i.e. authorization, is enabled, MongoDB requires all clients to authenticate themselves in order to determine their access.当启用访问控制(即授权)时,MongoDB要求所有客户机进行身份验证,以确定其访问权限。
Although authentication and authorization are closely connected, authentication is distinct from authorization.虽然认证和授权紧密相连,但认证和授权是不同的。Authentication verifies the identity of a user; authorization determines the verified user’s access to resources and operations.身份验证验证用户的身份;授权确定被验证用户对资源和操作的访问。
To authenticate as a user, you must provide a username, password, and the authentication database associated with that user.要作为用户进行身份验证,必须提供用户名、密码以及与该用户关联的身份验证数据库。
To authenticate using the 要使用mongo shell, either:mongo shell进行身份验证,请执行以下任一操作:
mongo command-line authentication options (--username, --password, and --authenticationDatabase) when connecting to the mongod or mongos instance, ormongod或mongos实例时,请使用mongo命令行身份验证选项(--username、--password和--authenticationDatabase),或者mongod or mongos instance, and then run the authenticate command or the db.auth() method against the authentication database.mongod或mongos实例,然后针对身份验证数据库运行authenticate命令或db.auth()方法。
Important重要
Authenticating multiple times as different users does not drop the credentials of previously-authenticated users.多次作为不同的用户进行身份验证不会删除以前经过身份验证的用户的凭据。This may lead to a connection having more permissions than intended by the user, and causes operations within a logical session to raise an error.这可能导致连接的权限超过用户的预期权限,并导致逻辑会话中的操作引发错误。
For examples of authenticating using a MongoDB driver, see the driver documentation.有关使用MongoDB驱动程序进行身份验证的示例,请参阅驱动程序文档。
MongoDB supports a number of authentication mechanisms that clients can use to verify their identity.MongoDB支持许多身份验证机制,客户端可以使用这些机制来验证其身份。These mechanisms allow MongoDB to integrate into your existing authentication system.这些机制允许MongoDB集成到您现有的身份验证系统中。
MongoDB supports multiple authentication mechanisms:MongoDB支持多种身份验证机制:
In addition to supporting the aforementioned mechanisms, MongoDB Enterprise also supports the following mechanisms:除了支持上述机制外,MongoDB Enterprise还支持以下机制:
In addition to verifying the identity of a client, MongoDB can require members of replica sets and sharded clusters to authenticate their membership to their respective replica set or sharded cluster.除了验证客户机的身份之外,MongoDB还可以要求副本集和分片集群的成员验证其各自副本集或分片集群的成员身份。See Internal/Membership Authentication for more information.有关详细信息,请参阅内部/成员身份验证。
In sharded clusters, clients generally authenticate directly to the 在分片集群中,客户机通常直接向mongos instances.mongos实例进行身份验证。However, some maintenance operations may require authenticating directly to a specific shard.但是,某些维护操作可能需要直接对特定碎片进行身份验证。For more information on authentication and sharded clusters, see Sharded Cluster Users.有关身份验证和分片集群的更多信息,请参阅分片集群用户。