6

How do I set up proper authorization for MongoDB 2.4.1? My setup seems not to be working. Replica members config:

dbpath = /vol/data/mongodb/

# logfile
logpath   = /var/log/mongodb/mongodb.log
logappend = true

# socket
bind_ip = 0.0.0.0
port = 27018

# replication
replSet = <%= hostname[14,4] %>

# authentication
keyFile = /etc/mongodb.pass

# turn off legacy privilege mode
setParameter = supportCompatibilityFormPrivilegeDocuments=false
setParameter = textSearchEnabled=false

# turn on authorization
auth = true

After adding user authorization:

> use admin
> db.addUser( { user: "admin", pwd: "xxx", roles: [ "userAdminAnyDatabase", "readWriteAnyDatabase", "dbAdminAnyDatabase" ] } )

I can't access rs.* commands.

> use admin
> db.auth('admin','xxx')
1
> rs.status()
{ "ok" : 0, "errmsg" : "unauthorized" }
Szymon Karnecki
  • 5
    Got it - I should give "clusterAdmin" rights to user in order to access rs.* commands http://docs.mongodb.org/manual/reference/user-privileges/#clusterAdmin – Szymon Karnecki Apr 16 '13 at 12:03
  • 1
    update to your link, since it rotted: http://docs.mongodb.org/manual/reference/built-in-roles/ – GoingTharn Jul 15 '14 at 00:38

2 Answers

3

I too was dealing with the same sort of problem. I have a solution for it.

Turn off auth

1. Create a user with root privilege

The root privilege yields readWrite access to the database, while the userAdminAnyDatabase role doesn't.

use admin
db.createUser( {
    user: "root",
    pwd: "pass",
    roles: [ { role: "root", db: "admin" } ]
  });

Turn on auth

2. Log in with the root user

mongo -u root --authenticationDatabase admin -p 

Then you can execute your commands.

Hope this helps :)

Jerry
1

I think you need to use a keyFile if you have a replicaset.

Taken from http://docs.mongodb.org/manual/tutorial/enable-authentication/ :

Enable authentication using the auth or keyFile settings. Use auth for standalone instances, and keyFile with replica sets and sharded clusters. keyFile implies auth and allows members of a MongoDB deployment to authenticate internally.

Neil Doshi
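
The two points this thread settles on, that a replica set member needs keyFile for internal authentication and that rs.* commands need clusterAdmin (or root), can be checked mechanically. The following Python is an added example, not code from the thread; the replica set name rs0 and all function names are constructed for illustration.

```python
# Constructed sample in the legacy "key = value" mongod config format used in the question.
SAMPLE_CONF = """\
replSet = rs0
keyFile = /etc/mongodb.pass
auth = true
bind_ip = 0.0.0.0
port = 27018
"""

# Roles granted to "admin" in the question's db.addUser call.
QUESTION_ROLES = ["userAdminAnyDatabase", "readWriteAnyDatabase", "dbAdminAnyDatabase"]
# Roles the thread names as sufficient for rs.* commands (comment: clusterAdmin, answer: root).
RS_CAPABLE_ROLES = {"clusterAdmin", "root"}

def parse_conf(text):
    """Parse 'key = value' lines into a dict; '#' starts a comment, last value wins."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit_conf(conf):
    """Return access-control findings for one replica set member's config."""
    findings = []
    auth_on = conf.get("auth", "false").lower() == "true"
    if "keyFile" not in conf:  # keyFile implies auth, so only check auth when it is absent
        if "replSet" in conf:
            findings.append("replSet without keyFile: no internal authentication between members")
        if not auth_on:
            findings.append("neither auth nor keyFile is set: access control is disabled")
    if conf.get("bind_ip") == "0.0.0.0":
        findings.append("bind_ip = 0.0.0.0: listening on all interfaces, restrict by firewall or bind_ip")
    return findings

def can_run_rs_commands(roles):
    """True if a granted role covers replica set administration such as rs.status()."""
    return bool(RS_CAPABLE_ROLES & set(roles))

if __name__ == "__main__":
    for finding in audit_conf(parse_conf(SAMPLE_CONF)):
        print("config:", finding)
    print("rs.* with the question's roles:", can_run_rs_commands(QUESTION_ROLES))
    print("rs.* after adding clusterAdmin:", can_run_rs_commands(QUESTION_ROLES + ["clusterAdmin"]))
```

Run against the question's settings, the only config finding is the wildcard bind address; the "unauthorized" error comes from the role list, not from the auth/keyFile settings.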