db.auth()

On this page本页内容

Definition定义

db.auth()

Allows a user to authenticate to the database from within the shell.允许用户从shell中对数据库进行身份验证。

Tip

Starting in version 4.2 of the mongo shell, you can use the passwordPrompt() method in conjunction with various user authentication/management methods/commands to prompt for the password instead of specifying the password directly in the method/command call. mongo shell的4.2版开始,您可以将passwordPrompt()方法与各种用户身份验证/管理方法/命令结合使用来提示输入密码,而不是直接在方法/命令调用中指定密码。However, you can still specify the password directly as you would with earlier versions of the mongo shell.但是,您仍然可以像使用早期版本的mongo shell一样直接指定密码。

Starting in MongoDB 4.4, if you use the db.auth(<username>, <password>) syntax and omit the password, the user is prompted to enter a password.从MongoDB 4.4开始,如果使用db.auth(<username>, <password>)语法并省略密码,则会提示用户输入密码。

Syntax语法

The db.auth() has the following syntax forms:db.auth()具有以下语法形式:

db.auth(<username>, <password>)

Starting in MongoDB 4.4, you can either:从MongoDB 4.4开始,您可以:

  • Omit the password to prompt the user to enter a password:省略密码以提示用户输入密码:

    db.auth( <username> )
  • Use passwordPrompt() to prompt the user to enter a password:使用passwordPrompt()提示用户输入密码:

    db.auth( <username>, passwordPrompt() )
  • Specify a cleartext password.指定明文密码。

    db.auth( <username>, <password> )

Starting in MongoDB 4.2, you can either:

  • Use passwordPrompt() to prompt the user to enter a password:使用passwordPrompt()提示用户输入密码:

    db.auth( <username>, passwordPrompt() )
  • Specify a cleartext password:指定明文密码:

    db.auth( <username>, <password> )

In MongoDB 4.0 and earlier, you must specify a cleartext password:在MongoDB 4.0及更早版本中,必须指定明文密码:

db.auth( <username>, <password> )

db.auth(<user document>)

db.auth( {
   user: <username>,
   pwd: passwordPrompt(),   // Or "<cleartext password>"
   mechanism: <authentication mechanism>,
   digestPassword: <boolean>
} )
Parameter参数Type类型Description描述
user string The name of the user with access privileges for this database.对此数据库具有访问权限的用户的名称。
pwd string

The user’s password. 用户的密码。The value can be either:该值可以是:

  • the user’s password in cleartext string, or明文字符串形式的用户密码,或
  • passwordPrompt() to prompt for the user’s password.提示输入用户密码。

Tip

Starting in version 4.2 of the mongo shell, you can use the passwordPrompt() method in conjunction with various user authentication/management methods/commands to prompt for the password instead of specifying the password directly in the method/command call. mongo shell的4.2版开始,您可以将passwordPrompt()方法与各种用户身份验证/管理方法/命令结合使用来提示输入密码,而不是直接在方法/命令调用中指定密码。However, you can still specify the password directly as you would with earlier versions of the mongo shell.但是,您仍然可以像使用早期版本的mongo shell一样直接指定密码。

When using the user document syntax, you cannot omit the pwd.使用用户文档语法时,不能省略pwd

mechanism string

Optional.可选。The authentication mechanism to use.要使用的身份验证机制

For available mechanisms, see authentication mechanisms.有关可用的机制,请参阅身份验证机制

If unspecified, uses the isMaster to determine the SASL mechanism or mechanisms for the specified user. 如果未指定,则使用isMaster确定指定用户的一个或多个SASL机制。See saslSupportedMechs.请参阅saslSupportedMechs

digestPassword boolean

Optional.可选。Determines whether or not the supplied password should be pre-hashed before being used with the specified authentication mechanism.确定提供的密码在与指定的身份验证机制一起使用之前是否应进行预哈希处理。

  • For SCRAM-SHA-1, although you may specify true, setting this value to true does not improve security and may interfere with credentials using other mechanisms.对于SCRAM-SHA-1,虽然您可以指定true,但将此值设置为true不会提高安全性,并且可能会干扰使用其他机制的凭据。
  • For all other methods, this value must be set to false (default value). 对于所有其他方法,此值必须设置为false(默认值)。Any other value will result in authentication failure since those methods do not understand MongoDB pre-hashing.任何其他值都将导致身份验证失败,因为这些方法不理解MongoDB预哈希。

The default value is false.默认值为false

Note

The mongo shell excludes all db.auth() operations from the saved history.mongo shell从保存的历史记录中排除所有db.auth()操作。

Returns返回值
db.auth() returns 0 when authentication is not successful, and 1 when the operation is successful.身份验证不成功时返回0,操作成功时返回1

Behavior行为

Client Disconnection客户端断开连接

Starting in MongoDB 4.2, if the client that issued the db.auth() disconnects before the operation completes, MongoDB marks the db.auth() for termination (i.e. killOp on the operation).从MongoDB 4.2开始,如果发出db.auth()的客户端在操作完成之前断开连接,MongoDB会将db.auth()标记为终止(即操作上killOp)。

Example示例

Tip

Starting in version 4.2 of the mongo shell, you can use the passwordPrompt() method in conjunction with various user authentication/management methods/commands to prompt for the password instead of specifying the password directly in the method/command call. mongo shell的4.2版开始,您可以将passwordPrompt()方法与各种用户身份验证/管理方法/命令结合使用来提示输入密码,而不是直接在方法/命令调用中指定密码。However, you can still specify the password directly as you would with earlier versions of the mongo shell.但是,您仍然可以像使用早期版本的mongo shell一样直接指定密码。

Starting in MongoDB 4.4, if you use the db.auth(<username>, <password>) syntax and omit the password, the user is prompted to enter a password.从MongoDB 4.4开始,如果使用db.auth(<username>, <password>)语法并省略密码,则会提示用户输入密码。

Authenticate after Connecting to the Shell连接到外壳后进行身份验证

To authenticate after connecting the mongo shell, issue db.auth() in the user’s authentication database:要在连接mongo shell后进行身份验证,请在用户的身份验证数据库中发出db.auth()

use test
db.auth( "myTestDBUser", passwordPrompt() )

Starting in MongoDB 4.4, you can omit the password value entirely to prompt the user to enter their password:从MongoDB 4.4开始,您可以完全省略password以提示用户输入密码:

use test
db.auth( "myTestDBUser" )

Authenticate when Connecting to the Shell连接到外壳时进行身份验证

Alternatively, you can use the mongo shell’s command-line options --username, --password, --authenticationDatabase, and --authenticationMechanism to specify authentication credentials when connecting the mongo shell:或者,您可以使用mongo shell的命令行选项--username--password--authenticationDatabase--authenticationMechanism来指定连接mongo shell时的身份验证凭据:

mongo --username "myTestDBUser" --password --authenticationDatabase test --authenticationMechanism SCRAM-SHA-256