I have production environment where my mongoDB is up and running and DBAs are asking us to change the password which we use for authentication. One way to do this is run the addUser command again with a new password as described in change password
> db.auth("app_user", "somepassword")
db.addUser("app_user", "new password")
This is as good as a adding a new user.
I understand that I have to restart mongod with the --auth option once I add a new user as described in but as this is a production env and I can't restart my server. Is there any other option ? or if my approach is wrong how to change the password in mongoDB
For v2.4
db.changeUserPassword("app_user", "new password")
https://groups.google.com/d/msg/mongodb-user/KkXbDCsCfOs/rk2_h-oSbAwJ
https://jira.mongodb.org/browse/DOCS-1515
MongoDB > 3.X
db.updateUser("root", {pwd: "NewRootAdmin" })
Reference: https://docs.mongodb.com/manual/reference/method/db.updateUser/
You linked to a question asking about adding authentication to MongoDB which involves starting 'mongod' with option --auth. Since you are already running with --auth the restart is not necessary in your scenario.
Just change the user password and you'll be set to go.
Starting of Mongodb 4.0, you have to use db.updateUser(), setting passwordDigestor key as "server", when updating the user password:
https://dba.stackexchange.com/questions/238847/cant-update-user-password-on-mongodb-4-0-5-use-of-scram-sha-256-requires-undig
If you have an old password and you want to change the password then user mongo --username <USERNAME> and then use db.changeUserPassword("<USERNAME>", passwordPrompt()) .
Related
I am running a local MongoDB service on Windows using WAMP64.
I want to access the db using Adminer. I cannot get thru the login page.
It keeps saying that Database does not support password, which it does as proven by me logging into the db using MongoDB Compass with the created auth uid and pw.
I have tried Adminer 4.6.3 and 4.7.6 (lastest v)
Anyone know how to get past this? Thanks.
The code that produces this message seems to be here.
What it appears to do is:
Connect with the provided username and password.
Connect with the provided username with an empty password.
If the second connection succeeds, return the "does not support password" error.
Otherwise, presumably return the first connection.
If I try to login without a password, even if mongod was not started with --auth parameter, my login fails. So I'm not sure what setup is needed to reproduce this behavior, but I suggest:
Ensuring your mongod invocation has --auth parameter.
Ensuring you are not able to connect to your server without specifying the password (i.e., unauthenticated connection fails).
The thing you need to do is to add a user. You don't have to run mongo with authentication enabled; if you add a user adminer will accept the auth and just work. Just run mongo:
db.createUser({
... user: "admin",
... pwd: "PASSWORD",
... roles: ["readWrite","dbAdmin"]
... })
and then you'll be able to log in with adminer
I have a mongodb sharded cluster, with mongos machines, mongo nodes in replicate sets and config servers. MongoDB version is 3.02
The guy that set this up left the company a while ago and now I cant do simple things like show dbs or show collections
I have OS root in all these Debian machines, so I want to know how to reset mongo's root password so I can admin the database.
The apps that access this db seem to be working fine, using a user that has low privileges. I know the password for this particular user.
This is a production setup, so I can't afford to keep it down for more than a few seconds, tops minutes.
It depends on the types of users. For example, if you are using SCRAM, the basic steps to reset password would be:
Stop the mongod nodes
Disable authorization in mongod.conf
Restart the Replica set nodes
Connect to the replica set primary node using the mongo shell
Reset the your password by db.changePassword
I think this may work:
Stop your MongoDB instance
Remove the --auth and/or --keyfile options from your MongoDB config to disable authentication
Start the instance without authentication
Edit the users as needed
Restart the instance with authentication enabled
https://dba.stackexchange.com/questions/62976/how-can-i-enter-mongo-as-a-superuser-or-reset-users
This may not be the perfect answer, because I cannot test it. The base problem is of course that, that you cannot put your system into maintenance mode, where you can change admin password... But there is config file parameter security.transitionToAuth what you can add with rolling matter to your config file(s).
A mongod or mongos running with security.transitionToAuth does not enforce user access controls. Users may connect to your deployment without any access control checks and perform read, write, and administrative operations.
There are two options here
If you plan to upgrade to 3.4 this can be done without downtime:
MongoDB 3.4 allows Enforce Keyfile Access Control in a Replica Set without Downtime
You need to start all your members with --transitionToAuth(This will allow both authenticated and non-authenticated traffic for some duration)
Login to mongo shell on primary and create a userAdmin
Logout and login again using userAdmin
Create rootAdmin
Store the password in password manager
Disable transitionToAuth (Allow only authenticated traffic to replica set)
If you need to do this with existing MongoDB without upgrade:
Stop a secondaries in the replica set in a rolling manner. Disable authentication using keyFile options
Stepdown a primary and update its configuration to disable authentication.
Update you're the application to remove username and password from application config
Restart application
Create useradmin and rootAdmin in admin DB
Save passwords in the password manager
Enable authentication in the replica set
Start your application with the old config that includes username and password
Steps
Connect to the machine hosting your MongoDB instance
Open the MongoDB configuration file found in /etc/ folder using: sudo nano mongod.conf
Comment out the following code like so:
# security:
# authorization: enabled
Stop the MongoDB service: sudo service mongod stop
Start the MongoDB service: sudo service mongod start
Connect to the database using Robo3T or equivalent. With a connection to the admin collection, create a new admin superuser:
db.createUser({ user:"admin", pwd:"password", roles:[{role:"root", db:"admin"}] });
Go back and uncomment the lines from step 3. Then repeat steps 4 and 5.
You should now be able to authenticate with the new user you created in step 6 and have full access to the database.
Troubleshooting
If for whatever reason, after trying to restart your mongo service, you cannot connect to it, you can make sure the service properly started with: systemctl --type=service --state=active. If it has started, it will be in the list as mongod.service.
Mongo logs can also be found at /var/log/mongodb/mongodb.log but this is less likely to be helpful in this situation.
I have a Parse app, and I'm trying to migrate my app's database to a MongoDB instance on mLab.
I already have a fork of Parse Server set up on Heroku, and I'm using Heroku's mLab MongoDB add-on.
I have a database on mLab called heroku_1ksph3jj, and I should be able to connect to it with the following template:
mongodb://<dbuser>:<dbpassword>#ds047124.mlab.com:47124/heroku_1ksph3jj
However, each attempt returns:
Server returned error on SASL authentication step: Authentication failed.
I'm unsure what to replace <dbuser> and <dbpassword> with. I have a database user with the same name as my database: heroku_1ksph3jjz, so I used that. And I used the password for that user in place of <dbpassword>. Should I have used something else here?
You can get the dbuser and dbpass with:
heroku config | grep MONGODB_URI
Grab the dbuser (example_user) and dbpass (example_pass) from the response:
MONGOLAB_URI: mongodb://example_user:example_pass#mlab.com:12345/db
As of March 2016, mLab.com only supports mongo 3.0+ (as per a conversation with support), because of their new onerous authentication requirements.
This was not on the website, but I hope it helps someone here!
There's a message to create a user for the specific database:
A database user is required to connect to this database. To create one now, visit the 'Users' tab and click the 'Add database user' button
I'm so sorry that this may seem obvious but, you have to remove this characters <> for the migration to work
In your example would look like this:
mongodb://dbuser:dbpassword#ds047124.mlab.com:47124/heroku_1ksph3jj
Check your mongo client version. If it is in older major version (probably 2.x), update it to 3.x
For future visitors - don't use special characters in password .Even if you change the special character to ascii or unicode it wont work for mLab using mongoose.
Also don't use mLab credential , use db user credentials . I created a new user.
Eg. For me a password containing # character was replaced with ascii value %40 in URI , which worked when using native mongodb driver.
But on using mongoose, i was always getting Authentication Failed .
I removed special characters and db was authenticated via mongoose.
It looks like it was the password that was incorrect, which I'm assuming was set up by Heroku's mLab add-on. There was no obvious way to reset this in the mLab UI, so in the end I created another database user (with a new username and password) and was able to connect with that just fine.
Just go to your Heroku dashboard and check your settings.
Under the name field there's a big button "Reveal Config Vars". Click it and you'll see a MONGODB_URI var with a uri to your db. It'll look something like this:
mongodb://heroku_user:PASSWORDyourLOOKINGfor#ds2238985.mlab.com:63295/heroku_user
Your password is right after the semicolon after the heroku user name.
I know I am too late, just for information.
For getting the info of mLab account that got auto created when mLab addon got added to the application in your heroku account, try the below command.
heroku config:get MONGODB_URI
Ref:
http://algebra.sci.csueastbay.edu/~grewe/CS6320/Mat/NodeJS/Heroku/Heroku_MLabMongoDB.html
i'm trying to set authentication on mongodb in my windows 8
i want to do the same steps as this address
How to secure MongoDB with username and password
this is want i have done
>mongod -auth
open another cmd
>mongo
>use admin
after this, i want to type db.addUser() but there's no such function...
only db.adminCommand() and db.auth()
how can i do? Thank you!
i find the reason...
cuz my mongodb is 3.0.3...there's no function called addUser()
http://docs.mongodb.org/manual/tutorial/add-user-administrator/
Is there any way to reset a meteor password if I lose the password? If someone finds out a password I'm using will I be able to recover my site?
Thanks!
Yes this is not very intuitive as the command-line meteor help login tells you nothing.
You can go here:
https://www.meteor.com/account-settings
click sign in in the upper right. Click forgot password!
As per the meteor docs:
You can change the password by running meteor deploy --password again, which will first prompt for the current password, then for a new password.
As for your second question, you'll always be able to re-deploy your local version of the site.