MongoDB Enterprise Authentication Methods: LDAP and Kerberos
Posted on: 24/07/2018 (last updated: 14/10/2021) by Kathryn Vargas
If you have a MongoDB Enterprise license, you can take advantage of two authentication methods supported by the MongoDB Enterprise server: LDAP and Kerberos.
They’re quite different from one another, so here’s a short overview to help determine which authentication method might better suit your MongoDB enterprise needs and setup resources.
What is LDAP?
Short for Lightweight Directory Access Protocol, LDAP is a protocol used to access directory servers.
If you’re using databases (like MongoDB) which support the protocol, think of LDAP as the layer that sits on top of them, enabling you to centrally authorize and authenticate users by running LDAP-specific queries. No complex cryptography, just straightforward lookups.
LDAP authentication in MongoDB
As of Version 3.4, MongoDB Enterprise Server supports LDAP authorization. MongoDB has prepared quite thorough documentation on MongoDB LDAP authentication, but be warned: the LDAP topic is so broad that even the documentation assumes those tasked with the setup are already familiar with the protocol.
What is Kerberos?
Unlike LDAP, which checks for key-value pairs like username-password to authenticate users, Kerberos uses strong key cryptography.
Each client or local machine lives within a “realm” – think of it as the scope of assets or services it’s allowed to access – and holds a secret key which serves as proof of identity whenever it sends a request to what’s called the Key Distribution Center or KDC. The authentication server within the KDC takes this secret key to request an access-granting “ticket” from the ticket-granting server, also within the KDC. The ticket is granted only after a series of successful mutual authentications between the client and the KDC, which then gives the user access to the requested service.
Kerberos authentication in MongoDB
MongoDB Enterprise has supported Kerberos authentication since Version 2.4. You can find the full list of compatible MongoDB drivers and the complete documentation for various configuration scenarios (e.g. Linux, Windows) here.
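As an added illustration (not part of the original article, and not taken from MongoDB's or Studio 3T's materials), the fragment below sketches a mongod.conf for the LDAP setup described above, with the Kerberos variant noted in comments. Every hostname, DN, path and account name is a constructed placeholder.

```yaml
# mongod.conf for MongoDB Enterprise (constructed example, placeholder values)
net:
  tls:                                   # net.ssl on releases before 4.2
    mode: requireTLS                     # PLAIN sends the user's password as-is,
    certificateKeyFile: /etc/mongo/server.pem   # so client links must be encrypted

security:
  authorization: enabled
  ldap:
    servers: "ldap1.example.com"         # placeholder directory server
    # Weak:     transportSecurity: none  (bind credentials cross the wire in cleartext)
    # Hardened: tls, which is also the default
    transportSecurity: tls
    bind:
      method: simple
      queryUser: "cn=mongo-svc,ou=services,dc=example,dc=com"   # read-only lookup account
      queryPassword: "<load-from-secret-store>"                  # placeholder, not a real secret
    # Map the login name the client supplies to a full LDAP DN
    userToDNMapping:
      '[
         {
           match: "(.+)",
           substitution: "uid={0},ou=people,dc=example,dc=com"
         }
       ]'
    authz:
      # LDAP authorization (3.4+): fetch the groups of the authenticated user;
      # each returned group DN is matched against a role of that name in "admin"
      queryTemplate: "{USER}?memberOf?base"

setParameter:
  authenticationMechanisms: PLAIN        # LDAP proxy authentication

# Kerberos variant: use the GSSAPI mechanism instead of (or alongside) PLAIN
#   setParameter:
#     authenticationMechanisms: GSSAPI
# and, on Linux, start mongod with the service keytab in its environment:
#   KRB5_KTNAME=/etc/mongo/mongodb.keytab   (placeholder path)
# The keytab holds the key for the service principal, e.g.
#   mongodb/db1.example.com@EXAMPLE.COM     (placeholder principal)
```

Keep the keytab and the bind password readable only by the account that runs mongod, since either one lets its holder impersonate the database service to the directory or the KDC.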
Certified for MongoDB Enterprise
Studio 3T is a certified MongoDB Enterprise partner. Our Ultimate edition fully integrates with MongoDB Enterprise and makes it easy to deploy both LDAP and Kerberos authentication across your company – and a whole lot more.

Built especially for professional teams, Studio 3T Ultimate edition unlocks a full suite of advanced features, like polyglot query code generation, the ability to use SQL to query MongoDB, and seamless import/export between MongoDB and SQL, that are sure to save your team time and effort.
Get your Studio 3T Ultimate license today to enable LDAP and Kerberos authentication.