Database Manual / Reference / mongosh Methods / User Management

db.auth() (mongosh method方法)

Definition定义

db.auth()

Allows a user to authenticate to the database from within the shell.允许用户在shell中对数据库进行身份验证。

Tip

You can use the passwordPrompt() method in conjunction with various user authentication management methods and commands to prompt for the password instead of specifying the password directly in the method or command call. However, you can still specify the password directly as you would with earlier versions of the mongo shell.您可以将passwordPrompt()方法与各种用户身份验证管理方法和命令结合使用,以提示输入密码,而不是直接在方法或命令调用中指定密码。但是,您仍然可以像使用早期版本的mongo shell一样直接指定密码。

If you use the db.auth(<username>, <password>) syntax and omit the password, the user is prompted to enter a password.如果使用db.auth(<username>, <password>)语法并省略密码,系统会提示用户输入密码。

Compatibility兼容性

This method is available in deployments hosted in the following environments:此方法在以下环境中托管的部署中可用:

Important

This command is not supported in MongoDB Atlas clusters. MongoDB Atlas集群不支持此命令。For information on Atlas support for all commands, see Unsupported Commands.有关Atlas支持所有命令的信息,请参阅不支持的命令

  • MongoDB Enterprise: The subscription-based, self-managed version of MongoDB:MongoDB的基于订阅的自我管理版本
  • MongoDB Community: The source-available, free-to-use, and self-managed version of MongoDB:MongoDB的源代码可用、免费使用和自我管理版本

Syntax语法

The db.auth() has the following syntax forms:db.auth()具有以下语法形式:

db.auth(<username>, <password>)

You can either:您可以:

  • Omit the password to prompt the user to enter a password:省略密码以提示用户输入密码:

    db.auth( <username> )

  • Use passwordPrompt() to prompt the user to enter a password:使用passwordPrompt()提示用户输入密码:

    db.auth( <username>, passwordPrompt() )

  • Specify a cleartext password.指定明文密码。

    db.auth( <username>, <password> )

db.auth(<user document>)

db.auth( {
   user: <username>,
   pwd: passwordPrompt(),   // Or "<cleartext password>"
   mechanism: <authentication mechanism>,
   digestPassword: <boolean>
} )
Parameter参数Type类型Description描述
userstring字符串The name of the user with access privileges for this database.具有此数据库访问权限的用户的名称。
pwdstring字符串

The user's password. The value can be either:用户的密码。该值可以是:

  • the user's password in cleartext string, or明文字符串形式的用户密码,或

  • passwordPrompt() to prompt for the user's password.提示输入用户密码。

    You can use the passwordPrompt() method in conjunction with various user authentication management methods and commands to prompt for the password instead of specifying the password directly in the method or command call. However, you can still specify the password directly as you would with earlier versions of the mongo shell.您可以将passwordPrompt()方法与各种用户身份验证管理方法和命令结合使用,以提示输入密码,而不是直接在方法或命令调用中指定密码。但是,您仍然可以像使用早期版本的mongo shell一样直接指定密码。

mechanismstring字符串

Optional. 可选。The authentication mechanism to use.要使用的身份验证机制

For available mechanisms, see authentication mechanisms.有关可用机制,请参阅身份验证机制

If unspecified, uses the hello command to determine the SASL mechanism or mechanisms for the specified user. See saslSupportedMechs.如果未指定,则使用hello命令确定指定用户的SASL机制。请参阅saslSupportedMechs

digestPasswordboolean布尔值

Optional. 可选。Determines whether or not the supplied password should be pre-hashed before being used with the specified authentication mechanism.确定提供的密码在与指定的身份验证机制一起使用之前是否应进行预散列。

  • For SCRAM-SHA-1, although you may specify true, setting this value to true does not improve security and may interfere with credentials using other mechanisms.对于SCRAM-SHA-1,虽然您可以指定true,但将此值设置为true并不能提高安全性,并且可能会干扰使用其他机制的凭据。
  • For all other methods, this value must be set to false (default value). Any other value will result in authentication failure since those methods do not understand MongoDB pre-hashing.对于所有其他方法,此值必须设置为false(默认值)。任何其他值都会导致身份验证失败,因为这些方法不理解MongoDB预散列。

The default value is false.默认值为false

Note

mongosh excludes all db.auth() operations from the saved history.从保存的历史记录中排除所有db.auth()操作。

Returns返回
db.auth() returns 0 when authentication is not successful, and 1 when the operation is successful.db.auth()在身份验证不成功时返回0,在操作成功时返回1

Behavior行为

Client Disconnection客户端断开连接

If the client that issued db.auth() disconnects before the operation completes, MongoDB marks db.auth() for termination using killOp.如果发出db.auth()的客户端在操作完成之前断开连接,MongoDB将使用killOp标记db.auth()

Example示例

Tip

You can use the passwordPrompt() method in conjunction with various user authentication management methods and commands to prompt for the password instead of specifying the password directly in the method or command call. However, you can still specify the password directly as you would with earlier versions of the mongo shell.您可以将passwordPrompt()方法与各种用户身份验证管理方法和命令结合使用,以提示输入密码,而不是直接在方法或命令调用中指定密码。但是,您仍然可以像使用早期版本的mongo shell一样直接指定密码。

If you use the db.auth(<username>, <password>) syntax and omit the password, the user is prompted to enter a password.如果使用db.auth(<username>, <password>)语法并省略密码,系统会提示用户输入密码。

Authenticate after Connecting to the Shell连接到Shell后进行身份验证

To authenticate after connecting mongosh, issue db.auth() in the user's authentication database:要在连接mongosh后进行身份验证,请在用户的身份验证数据库中发出db.auth()

use test
db.auth( "myTestDBUser", passwordPrompt() )

You can omit the password value entirely to prompt the user to enter their password:您可以完全省略password值以提示用户输入密码:

use test
db.auth( "myTestDBUser" )

Starting in MongoDB 5.0, if your connection specifies the --apiStrict option, you may not use the db.auth() method to:从MongoDB 5.0开始,如果连接指定了--apiStrict选项,则可能无法使用db.auth()方法来:

  • Authenticate again as the same user on the same database.在同一数据库中再次以同一用户身份进行身份验证。
  • Authenticate as a different user when previously authenticated on the same database.在之前在同一数据库上进行身份验证时,以不同用户的身份进行身份验证。
  • Authenticate with a new database when previously authenticated on a different database.以前在其他数据库上进行身份验证时,使用新数据库进行身份验证。

Authenticate when Connecting to the Shell连接到Shell时进行身份验证

Alternatively, you can use mongosh's command-line options --username, --password, --authenticationDatabase, and --authenticationMechanism to specify authentication credentials when connecting mongosh:或者,您可以在连接mongosh时使用mongosh的命令行选项--username--password--authenticationDatabase--authenticationDatabase指定身份验证凭据:

mongosh --username "myTestDBUser" --password --authenticationDatabase test --authenticationMechanism SCRAM-SHA-256