==================================
Configuring MongoDB authentication
==================================


By default, MongoDB does not require a username or password to access
or modify the database. We recommend enabling and configuring
mandatory authentication.

#. Open a MongoDB shell::

    mongo

#. Repository requires read/write access to the database ``binstar``.
   Enter the following commands into the MongoDB shell to create an
   administrative user and a service user::

    use admin

#. Create an administrative user to manage database users::

    db.createUser({user:'siteUserAdmin', pwd: '<secure password #1>', roles:['userAdminAnyDatabase']})



#. Authorize as that user to verify the password::

    db.auth('siteUserAdmin', '<secure password #1>')

#. Create a service user for Repository::

    db.createUser({user:'anaconda', pwd: '<secure password #2>', roles:[{db:'binstar', role:'readWrite'}]})



#. Enable mandatory authentication in MongoDB:

   * If you are using the legacy MongoDB configuration format,
     add the `auth
     <https://docs.mongodb.com/v2.4/reference/configuration-options/#auth>`_
     key to ``/etc/mongod.conf``::

       auth=true

   * If you are using the current MongoDB configuration format,
     add the `security.authorization
     <https://docs.mongodb.com/v2.6/reference/configuration-options/#security.authorization>`_
     key to ``/etc/mongod.conf``::

       security:
           authorization: enabled

#. Restart MongoDB to reload the configuration::

     sudo service mongod restart

NOTE: For more information about MongoDB authentication and
authorization, see
https://docs.mongodb.com/v2.6/core/authentication/ and
https://docs.mongodb.com/v2.6/core/authorization/.
