On this page本页内容
Authentication is the process of verifying the identity of a client. 身份验证是验证客户端身份的过程。When access control (authorization) is enabled, MongoDB requires all clients to authenticate themselves in order to determine their access.当启用访问控制(授权)时,MongoDB要求所有客户端进行身份验证,以确定其访问权限。
Although authentication and authorization are closely connected, authentication is distinct from authorization:虽然身份验证和授权密切相关,但身份验证与授权不同:
To get started using access control, follow these tutorials:要开始使用访问控制,请遵循以下教程:
Salted Challenge Response Authentication Mechanism (SCRAM) is the default authentication mechanism for MongoDB.Salted挑战-响应身份验证机制(SCRAM)是MongoDB的默认身份验证机制。
For more information on SCRAM and MongoDB, see:有关SCRAM和MongoDB的更多信息,请参阅:
MongoDB supports x.509 certificate authentication for client authentication and internal authentication of the members of replica sets and sharded clusters. MongoDB支持x.509证书身份验证,用于客户端身份验证和副本集和分片集群成员的内部身份验证。x.509 certificate authentication requires a secure TLS/SSL connection.x.509证书身份验证需要安全的TLS/SSL连接。
To use MongoDB with x.509, you must use valid certificates generated and signed by a certificate authority. 要将MongoDB与x.509一起使用,必须使用由证书颁发机构生成并签名的有效证书。The client x.509 certificates must meet the client certificate requirements.客户端x.509证书必须满足客户端证书要求。
For more information on x.509 and MongoDB, see:有关x.509和MongoDB的更多信息,请参阅:
MongoDB Enterprise and MongoDB Atlas support Kerberos Authentication. MongoDB Enterprise和MongoDB Atlas支持Kerberos身份验证。Kerberos is an industry standard authentication protocol for large client/server systems that provides authentication using short-lived tokens that are called tickets.Kerberos是大型客户机/服务器系统的行业标准身份验证协议,它使用称为票据的短期令牌提供身份验证。
To use MongoDB with Kerberos, you must have a properly configured Kerberos deployment, configured Kerberos service principals for MongoDB, and a Kerberos user principal added to MongoDB.要将MongoDB与Kerberos一起使用,您必须具有正确配置的Kerberos部署、为MongoDB配置的Kerberos服务主体以及添加到MongoDB的Kerberos用户主体。
For more information on Kerberos and MongoDB, see:有关Kerberos和MongoDB的更多信息,请参阅:
MongoDB Enterprise and MongoDB Atlas support LDAP Proxy Authentication proxy authentication through a Lightweight Directory Access Protocol (LDAP) service.MongoDB企业版和MongoDB Atlas通过轻量级目录访问协议(LDAP)服务支持LDAP代理身份验证代理身份验证。
For more information on Kerberos and MongoDB, see:有关Kerberos和MongoDB的更多信息,请参阅:
These mechanisms allow MongoDB to integrate into your existing authentication system.这些机制允许MongoDB集成到您现有的身份验证系统中。
In addition to verifying the identity of a client, MongoDB can require members of replica sets and sharded clusters to authenticate their membership to their respective replica set or sharded cluster. 除了验证客户机的身份之外,MongoDB还可以要求副本集和分片集群的成员对其各自的副本集或分片集群进行身份验证。See Internal/Membership Authentication for more information.有关详细信息,请参阅内部/成员身份验证。