Using SSL and Kerberos authentication with MongoDB
To secure your authentication parameters, store the entire Security Config string in a vault (see use Using vaults). For example, assuming your Kerberos realm is MYREALM.COM
, its KDC is kerberos.realm.com
, the path to the SSL trust store is /cacerts
, the path to the SSL keystore file is /client.pkcs12
, and the passwords for both stores is MyPassword
, the Striim console commands to store the Security Config string with the key SSLKerberos in a vault named MongoDBVault would be:
CREATE VAULT MongoDBVault; WRITE INTO MongoDBVault ( vaultKey: "SSLKerberos", vaultValue: "RealmName:MYREALM.COM; KDC:kerberos.myrealm.com; KeyStore:/keystore.pkcs12; TrustStore:/cacerts; trustStorePassword:MyPassword; KeyStorePassword:MyPassword" )
Enter READ ALL FROM MongoDBVault;
to verify the contents.
You would then specify the Security Config as [[MongoDBVault.SSLKerberos]]
.