Docs HomeMongoDB Manual

db.auth()

On this page本页内容

Definition定义

db.auth()

Allows a user to authenticate to the database from within the shell.允许用户从shell中对数据库进行身份验证。

Tip

Starting in version 4.2 of the mongo shell, you can use the passwordPrompt() method in conjunction with various user authentication/management methods/commands to prompt for the password instead of specifying the password directly in the method/command call. 从mongoshell的4.2版本开始,您可以将passwordPrompt()方法与各种用户身份验证/管理方法/命令结合使用来提示输入密码,而不是直接在方法/命令调用中指定密码。However, you can still specify the password directly as you would with earlier versions of the mongo shell.但是,您仍然可以像使用早期版本的mongoshell一样直接指定密码。

Starting in MongoDB 4.4, if you use the db.auth(<username>, <password>) syntax and omit the password, the user is prompted to enter a password.从MongoDB 4.4开始,如果使用db.auth(<username>, <password>)语法并省略密码,则会提示用户输入密码。

Syntax语法

The db.auth() has the following syntax forms:db.auth()具有以下语法形式:

db.auth(<username>, <password>)

MongoDB 4.4MongoDB 4.2

Starting in MongoDB 4.4, you can either:从MongoDB 4.4开始,您可以:

  • Omit the password to prompt the user to enter a password:省略密码以提示用户输入密码:

    db.auth( <username> )

  • Use passwordPrompt() to prompt the user to enter a password:使用passwordPrompt()提示用户输入密码:

    db.auth( <username>, passwordPrompt() )

  • Specify a cleartext password.指定明文密码。

    db.auth( <username>, <password> )

Starting in MongoDB 4.2, you can either:从MongoDB 4.2开始,您可以:

  • Use passwordPrompt() to prompt the user to enter a password:使用passwordPrompt()提示用户输入密码:

    db.auth( <username>, passwordPrompt() )

  • Specify a cleartext password:指定明文密码:

    db.auth( <username>, <password> )

db.auth(<user document>)

db.auth( {
   user: <username>,
   pwd: passwordPrompt(),   // Or "<cleartext password>"
   mechanism: <authentication mechanism>,
   digestPassword: <boolean>
} )
Parameter参数Type类型Description描述
userstringThe name of the user with access privileges for this database.对此数据库具有访问权限的用户的名称。
pwdstringThe user's password. The value can be either:用户的密码。该值可以是:
  • the user's password in cleartext string, or明文字符串中的用户密码,或
  • passwordPrompt() to prompt for the user's password.以提示输入用户的密码。
Tip
Starting in version 4.2 of the mongo shell, you can use the passwordPrompt() method in conjunction with various user authentication/management methods/commands to prompt for the password instead of specifying the password directly in the method/command call. However, you can still specify the password directly as you would with earlier versions of the mongo shell.从mongoshell的4.2版本开始,您可以将passwordPrompt()方法与各种用户身份验证/管理方法/命令结合使用来提示输入密码,而不是直接在方法/命令调用中指定密码。但是,您仍然可以像使用早期版本的mongoshell一样直接指定密码。
When using the user document syntax, you cannot omit the pwd. 使用用户文档语法时,不能省略pwd
mechanismstringOptional.可选的。The authentication mechanism to use.要使用的身份验证机制
For available mechanisms, see authentication mechanisms.有关可用机制,请参阅身份验证机制
If unspecified, uses the hello command to determine the SASL mechanism or mechanisms for the specified user. See saslSupportedMechs. 如果未指定,则使用hello命令来确定指定用户的SASL机制。请参阅saslSupportedMechs
digestPasswordbooleanOptional.可选的。Determines whether or not the supplied password should be pre-hashed before being used with the specified authentication mechanism. 确定提供的密码在与指定的身份验证机制一起使用之前是否应进行预哈希处理。
  • For SCRAM-SHA-1, although you may specify true, setting this value to true does not improve security and may interfere with credentials using other mechanisms.对于SCRAM-SHA-1,尽管您可以指定true,但将此值设置为true并不能提高安全性,而且可能会干扰使用其他机制的凭据。
  • For all other methods, this value must be set to false (default value). 对于所有其他方法,此值必须设置为false(默认值)。Any other value will result in authentication failure since those methods do not understand MongoDB pre-hashing.任何其他值都将导致身份验证失败,因为这些方法不理解MongoDB预哈希。
The default value is false. 默认值为false
Note

mongosh excludes all db.auth() operations from the saved history.mongosh从保存的历史记录中排除所有db.auth()操作。

Returns返回值:
db.auth() returns 0 when authentication is not successful, and 1 when the operation is successful.db.auth()在身份验证不成功时返回0,在操作成功时返回1

Behavior行为

Client Disconnection客户端断开连接

Starting in MongoDB 4.2, if the client that issued db.auth() disconnects before the operation completes, MongoDB marks db.auth() for termination using killOp.从MongoDB 4.2开始,如果在操作完成之前发出db.auth()的客户端断开连接,MongoDB会使用killOp标记db.auth()终止。

Example实例

Tip

Starting in version 4.2 of the mongo shell, you can use the passwordPrompt() method in conjunction with various user authentication/management methods/commands to prompt for the password instead of specifying the password directly in the method/command call. 从mongoshell的4.2版本开始,您可以将passwordPrompt()方法与各种用户身份验证/管理方法/命令结合使用来提示输入密码,而不是直接在方法/命令调用中指定密码。However, you can still specify the password directly as you would with earlier versions of the mongo shell.但是,您仍然可以像使用早期版本的mongoshell一样直接指定密码。

Starting in MongoDB 4.4, if you use the db.auth(<username>, <password>) syntax and omit the password, the user is prompted to enter a password.从MongoDB 4.4开始,如果使用db.auth(<username>, <password>)语法并省略密码,则会提示用户输入密码。

Authenticate after Connecting to the Shell连接到外壳后进行身份验证

To authenticate after connecting mongosh, issue db.auth() in the user's authentication database:要在连接mongosh后进行身份验证,请在用户的身份验证数据库中发出db.auth()

use test
db.auth( "myTestDBUser", passwordPrompt() )

Starting in MongoDB 4.4, you can omit the password value entirely to prompt the user to enter their password:从MongoDB 4.4开始,您可以完全省略password值,以提示用户输入密码:

use test
db.auth( "myTestDBUser" )

Starting in MongoDB 5.0, if your connection specifies the --apiStrict option, you may not use the db.auth() method to:从MongoDB 5.0开始,如果您的连接指定了--apiStrict选项,则可能不会使用db.auth()方法:

  • Authenticate again as the same user on the same database.以同一数据库上的同一用户身份再次进行身份验证。
  • Authenticate as a different user when previously authenticated on the same database.以前在同一数据库上进行身份验证时,以不同用户身份进行身份验证。
  • Authenticate with a new database when previously authenticated on a different database.以前在其他数据库上进行身份验证时,使用新数据库进行身份验证。

Authenticate when Connecting to the Shell连接到外壳时进行身份验证

Alternatively, you can use mongosh's command-line options --username, --password, --authenticationDatabase, and --authenticationMechanism to specify authentication credentials when connecting mongosh:或者,您可以使用mongosh的命令行选项--username--password--authenticationDatabase--authenticationMechanism在连接mongosh时指定身份验证凭据:

mongosh --username "myTestDBUser" --password --authenticationDatabase test --authenticationMechanism SCRAM-SHA-256