Docs Home / Compass / Connect / ~~Advanced Options~~高级选项

Authentication Connection Tab身份验证连接选项卡

~~The Authentication tab allows you to connect to deployments that require authentication. To learn about authentication mechanisms within MongoDB, see Authentication Mechanisms.~~“身份验证”选项卡允许您连接到需要身份验证的部署。要了解MongoDB中的身份验证机制，请参阅身份验证机制。

Procedure过程

Open the New Connection modal.打开“新建连接”模式。

~~In the bottom panel of the Connections Sidebar, click Add New Connection to open the New Connection modal.~~在“连接”侧边栏的底部面板中，单击“添加新连接”以打开“新建连接”模式。

~~If you already have connections listed in the Connections Sidebar, click the icon on the top right of the sidebar to open the New Connection modal.~~如果您已经在“连接”侧边栏中列出了连接，请单击侧边栏右上角的图标以打开“新连接”模式。

Click Advanced Connection Options.单击“高级连接选项”。

Click the Authentication tab.单击“身份验证”选项卡。

~~Select your authentication method from the following options:~~从以下选项中选择您的身份验证方法：

Username / Password
OIDC
X.509
Kerberos
LDAP
AWS IAM

Username / Password用户名/密码

~~Provide the following information:~~提供以下信息：

~~Username~~用户名
~~Password~~密码
~~(Optional) Authentication Database~~（可选）身份验证数据库
~~Authentication Mechancism:~~身份验证机制：
- ~~Default~~默认
  
  ~~The Default setting selects the first authentication mechanism supported by the server according to an order of preference.~~Default设置根据优先顺序选择服务器支持的第一个身份验证机制。
  
  ~~With the Default setting, MongoDB tries to authenticate using the following mechanisms in the order they are listed:~~在Default设置下，MongoDB会尝试按照以下列出的顺序使用以下机制进行身份验证：
  1. SCRAM-SHA-256
  2. SCRAM-SHA-1
  3. MONGODB-CR
- SCRAM-SHA-1
- SCRAM-SHA-256

OIDC

~~Select OIDC if the deployment uses OpenID Connect as its authentication mechanism.~~如果部署使用OpenID Connect作为其身份验证机制，请选择“OIDC”。

~~Provide the following information:~~提供以下信息：

~~Field~~字段	~~Description~~描述
~~Username~~用户名	~~Optional. OpenID Connect username.~~可选。OpenID连接用户名。
~~Auth Code Flow Redirect URI~~身份验证代码流重定向URI	~~Optional. Specify a URI where the identity provider redirects you after authentication. The URI must match the configuration of the Identity Provider. The default is `http://localhost:27097/redirect`.~~可选。指定身份验证后身份提供程序重定向您的URI。URI必须与身份提供程序的配置匹配。默认值为`http://localhost:27097/redirect`。
~~Consider Target Endpoint Trusted~~认为目标端点受信任	Optional. Allows connecting to a target endpoint that is not in the list of endpoints that are considered trusted by default. Use to ensure that access tokens are sent to trusted servers. Only use this option when connecting to servers that you trust.可选。允许连接到默认情况下不在受信任端点列表中的目标端点。用于确保访问令牌被发送到受信任的服务器。仅在连接到您信任的服务器时使用此选项。
~~Enable Device Authentication Flow~~启用设备身份验证流	~~Optional. When the Show Device Auth Flow Checkbox setting is enabled, Compass can provide you with a URL and code to finish authentication.~~可选。启用“显示设备身份验证流”复选框设置后，Compass可以为您提供URL和代码以完成身份验证。 ~~This is a less secure authentication flow that can be used as a fallback when browser-based authentication is unavailable.~~这是一个不太安全的身份验证流，当基于浏览器的身份验证不可用时，可以用作回退。
~~Use Application-Level Proxy Settings~~使用应用程序级代理设置	Optional. Use the application-level proxy settings specified in the Compass Settings panel. Enabled by default. If you don't enable application-level proxy settings, Compass uses the same proxy to connect to both the cluster and identity provider.可选。使用“Compass设置”面板中指定的应用程序级代理设置。默认情况下启用。如果不启用应用程序级代理设置，Compass将使用相同的代理连接到集群和身份提供程序。
~~Send a nonce in the Auth Code Request~~在验证码请求中发送随机数	~~Optional. Includes a random nonce as a part of the auth code request to prevent replay attacks. Enabled by default.~~可选。在身份验证代码请求中包含随机随机数，以防止重放攻击。默认情况下启用。 ~~The nonce is an important security component. Only disable this setting if it is not supported by your OIDC provider.~~nonce是一个重要的安全组件。仅当您的OIDC提供商不支持此设置时，才禁用此设置。

X.509

~~Select X.509 if the deployment uses X.509 as its authentication mechanism.~~如果部署使用X.509作为其身份验证机制，请选择“X.509”。

Note

~~X.509 Authentication requires a client certificate. To enable TLS and add a client certificate, see the TLS / SSL tab in Compass.~~X.509身份验证需要客户端证书。要启用TLS并添加客户端证书，请参阅Compass中的TLS/SSL选项卡。

Kerberos

~~Select Kerberos if the deployment uses Kerberos as its authentication mechanism.~~如果部署使用KerberosKerberos作为其身份验证机制，请选择“Kerberos”。

~~Provide the following information:~~提供以下信息：

~~Field~~字段 ~~Description~~描述

~~Principal~~主体 ~~Every participant in the authenticated communication is known as a "principal", and every principal must have a unique name.~~经过身份验证的通信中的每个参与者都被称为“主体”，每个主体都必须有一个唯一的名称。

~~(Optional) Service Name~~（可选）服务名称 ~~Every MongoDB mongod and mongos instance (or mongod.exe and mongos.exe on Windows) must have an associated service name. The default is mongodb.~~每个MongoDB mongod和mongos实例（或Windows上的mongod.exe和mongos.exe）都必须有一个关联的服务名称。默认值是mongodb。

~~(Optional) Canonicalize Host Name~~（可选）规范主机名 ~~Kerberos uses the canonicalized form of the host name (cname) when constructing the principal for MongoDB Compass.~~Kerberos在为MongoDB Compass构建主体时使用主机名（cname）的规范化形式。

~~(Optional) Service Realm~~（可选）服务领域

~~The service realm is the domain over which a Kerberos authentication server has the authority to authenticate a user.~~服务域是Kerberos身份验证服务器有权对用户进行身份验证的域。

~~If you choose to Canonicalize Host Name, you can specify one of the following options:~~如果选择“规范化主机名”，可以指定以下选项之一：

~~Option~~选项	~~Description~~描述
~~Forward~~转发	~~The driver does a `cname` lookup on the kerberos hostname.~~驱动程序对kerberos主机名进行cname查找。
~~Forward and Reverse~~正向和反向	~~Performs a forward DNS lookup and then a reverse lookup on that value to canonicalize the hostname.~~对该值执行正向DNS查找，然后进行反向查找以规范主机名。

~~For more information on principal name canonicalization in Kerberos, see this RFC document.~~有关Kerberos中主体名称规范化的更多信息，请参阅此RFC文档。

~~(Optional) Provide password directly~~（可选）直接提供密码 ~~Used to verify your identity. To show the Kerberos password field, you must enable the showKerberosPasswordField option.~~用于验证您的身份。要显示Kerberos密码字段，必须启用showKerberosPasswordField选项。

Authenticate as a Different Kerberos User on Windows在Windows上以不同的Kerberos用户身份进行身份验证

When you authenticate with Kerberos on Windows, the Principal you specify must match the principal of the security context that Compass is running. Normally, this is the logged-in user who is running Compass.当您在Windows上使用Kerberos进行身份验证时，您指定的主体必须与Compass正在运行的安全上下文的“主体”相匹配。通常，这是运行Compass的登录用户。

~~To authenticate as a different Kerberos user, run MongoDB Compass as the chosen user and specify the Principal for that user. To run MongoDB Compass as a different user, either:~~要作为其他Kerberos用户进行身份验证，请以所选用户的身份运行MongoDB Compass，并为该用户指定主体。要以其他用户身份运行MongoDB Compass，请执行以下操作之一：

~~Hold Shift and right-click the MongoDB Compass program icon to select Run as a different user.~~按住Shift键，右键单击MongoDB Compass程序图标，选择“以其他用户身份运行”。
~~Use the runas command-line tool. For example, the following command runs MongoDB Compass as a user named admin:~~使用runas命令行工具。例如，以下命令以名为admin的用户身份运行MongoDB Compass：
```
runas /profile /user:mymachine\admin <path to MongoDB Compass>
```

~~After you start MongoDB Compass as the chosen user, to authenticate against your Kerberos-enabled MongoDB deployment, specify the Principal for the corresponding user.~~以所选用户身份启动MongoDB Compass后，要根据启用Kerberos的MongoDB部署进行身份验证，请为相应用户指定主体。

LDAP

Note

~~See the Examples section on this page for an example of the authentication tab configured for username and password authentication.~~有关为用户名和密码身份验证配置的身份验证选项卡的示例，请参阅本页的示例部分。

~~Select LDAP if the deployment uses LDAP as its authentication mechanism.~~如果部署使用LDAP作为其身份验证机制，请选择“LDAP”。

~~Provide the following information:~~提供以下信息：

~~Username~~用户名
~~Password~~密码

AWS IAM

~~Select AWS IAM if the deployment uses AWS IAM as its authentication mechanism.~~如果部署使用AWS IAM作为其身份验证机制，请选择“AWS IAM”。

The following fields are optional as they can be defined on your platform using their respective AWS IAM environment variables. MongoDB Compass will use these environment variable values to authenticate; you do not need to specify them in the connection string.以下字段是可选的，因为它们可以在您的平台上使用各自的AWS IAM环境变量进行定义。MongoDB Compass将使用这些环境变量值进行身份验证；您不需要在连接字符串中指定它们。

~~(Optional) AWS Access Key Id~~（可选）AWS访问键Id
~~(Optional) AWS Secret Access Key~~（可选）AWS秘密访问键
~~(Optional) AWS Session Token~~（可选）AWS会话令牌

(Optional) For advanced connection configuration options, click the Advanced tab.（可选）有关高级连接配置选项，请单击“高级”选项卡。

Click Connect.单击“连接”。

Tip

~~To disconnect from your deployment, see Disconnect from MongoDB.~~要断开与部署的连接，请参阅断开与MongoDB的连接。

Examples示例

Username and Password Authentication用户名和密码验证

~~The following example specifies a connection with username and password authentication with SCRAM-SHA-256 in the Authentication tab.~~以下示例在“身份验证”选项卡中指定了使用SCRAM-SHA-256进行用户名和密码身份验证的连接。

Screenshot of Compass configured to authenticate with username and password

LDAP AuthenticationLDAP身份验证

~~Alternatively, the following example specifies a connection with LDAP authentication in the Authentication tab.~~或者，以下示例在“身份验证”选项卡中指定了使用LDAP身份验证的连接。

Screenshot of Compass configured to authenticate with LDAP

Back

~~General~~常规

TLS/SSL