SCRAM
On this page
此页面
NOTE
Starting in version 4.0, MongoDB removes support for the deprecated MongoDB Challenge-Response (MONGODB-CR
) authentication mechanism.
If your deployment has user credentials stored in MONGODB-CR
schema, you must upgrade to SCRAM before you upgrade to version 4.0. For information on upgrading to SCRAM
, see Upgrade to SCRAM.
Salted Challenge Response Authentication Mechanism (SCRAM) is the default authentication mechanism for MongoDB. SCRAM is based on the IETF RFC 5802 standard that defines best practices for implementation of challenge-response mechanisms for authenticating users with passwords.
Using SCRAM, MongoDB verifies the supplied user credentials against the user’s name
, password
and authentication database
. The authentication database is the database where the user was created, and together with the user’s name, serves to identify the user.
注意 从4.0版本开始,MongoDB删除了对已弃用的MongoDB质询-响应(
MONGODB-CR
)身份验证机制的支持。 如果您的部署有存储在MONGODB-CR
模式中的用户凭证,您必须在升级到SCRAM_之前_升级到MongoDB4.0版本。有关升级到SCRAM
的信息,请参阅升级到SCRAM 。 严肃的询问响应身份验证机制(SCRAM)是MongoDB的默认身份验证机制。SCRAM基于IETF RFC 5802 标准,该标准定义了实现询问-响应机制的最佳实践,用于对用户进行密码验证。 使用SCRAM,MongoDB验证所提供的用户凭证name
,password
和authentication database
。身份验证数据库是创建用户的数据库,它与用户名一起用于标识用户。
Features
MongoDB’s implementation of SCRAM provides:
A tunable work factor (i.e. the iteration count),
Per-user random salts, and
Authentication of the server to the client as well as the client to the server.
特征
MongoDB的SCRAM实现提供:
可调的工作因素(如:迭代计数),
每个用户随机salts,和
服务器对客户端的认证,以及客户对服务器的认证。
SCRAM Mechanisms
MongoDB supports the following SCRAM mechanisms:
SCRAM Mechanism | Description |
---|---|
| Uses the SHA-1 hashing function.To modify the iteration count for |
| Uses the SHA-256 hashing function and requires featureCompatibilityVersion ( |
When creating or updating a SCRAM user, you can indicate the specific SCRAM mechanism as well as indicate whether the server or the client digests the password. When using SCRAM-SHA-256
, MongoDB requires server-side password hashing, i.e. the server digests the password. For details, see db.createUser()
and db.updateUser()
.
SCRAM机制
MongoDB支持如下SCRAM机制:
SCRAM机制 | 描述 |
---|---|
| 使用SHA-1哈希函数。要修改 |
| 使用SHA-256哈希函数,并要求特性兼容版本( |
在创建或更新SCRAM用户时,指示特定的SCRAM机制,以及指示是服务器还是客户端摘要密码。当使用SCRAM-SHA-256
时,MongoDB需要服务器端密码散列,即服务器摘要密码。详细信息,请参见 db.createUser()
和 db.updateUser()
。
Driver Support
To use SCRAM, you must upgrade your driver if your current driver version does not support SCRAM
.
The minimum driver versions that support SCRAM
are:
Driver Language | Version | Driver Language | Version |
---|---|---|---|
驱动支持
如果您当前的驱动程序版本不支持SCRAM
,您必须升级驱动程序才能使用SCRAM。 支持SCRAM
的最小驱动程序版本如下所示:
Driver Language | Version | Driver Language | Version |
---|---|---|---|
Additional Information
其它信息
英文原文地址:https://docs.mongodb.com/v4.2/core/security-scram/
译者:管祥青
最后更新于