流星和MongoDB:身份验证失败 [英] Meteor and MongoDB: Authentication failures
问题描述
如果我在本地运行Meteor,则效果很好.如果我用没有username:password的MONGO_URL来调用Meteor,它也可以很好地工作.但是,如果我打开MongoDB身份验证并重新启动,然后像MONGO_URL="mongodb://username:password@127.0.0.1:27017/meteor"中那样设置username:password来运行Meteor,则在加载Meteor时会出现身份验证失败.我检查了用户名和密码是否正确.我读过,Meteor和MongoDB身份验证可能存在问题,所以有人对此有任何信息吗?我正在使用以下版本:
If I run Meteor locally it works perfectly. If I call Meteor with a MONGO_URL that has no username:password it works perfectly too. However, if I turn on the MongoDB authentication and restart and then run Meteor with the username:password set, as in MONGO_URL="mongodb://username:password@127.0.0.1:27017/meteor", then I get an authentication failure as Meteor loads. I have checked that the username and password are correct. I have read that there maybe problems with Meteor and MongoDB authentication so does anyone have any information on this? I am using the following versions:
流星-1.0.3.2 MongoDB-2.6.7(通过brew安装)
Meteor - 1.0.3.2 MongoDB - 2.6.7 (installed via brew)
I20150304-21:48:00.597(1)? Exception in callback of async function: MongoError: auth failed
I20150304-21:48:00.598(1)? at Object.toError (/Users/me/.meteor/packages/mongo/.1.0.11.1hg8e3j++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/utils.js:110:11)
I20150304-21:48:00.598(1)? at /Users/me/.meteor/packages/mongo/.1.0.11.1hg8e3j++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/db.js:1128:31
I20150304-21:48:00.598(1)? at /Users/me/.meteor/packages/mongo/.1.0.11.1hg8e3j++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/db.js:1843:9
I20150304-21:48:00.598(1)? at Server.Base._callHandler (/Users/me/.meteor/packages/mongo/.1.0.11.1hg8e3j++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/connection/base.js:445:41)
I20150304-21:48:00.598(1)? at /Users/me/.meteor/packages/mongo/.1.0.11.1hg8e3j++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/connection/server.js:468:18
I20150304-21:48:00.598(1)? at [object Object].MongoReply.parseBody (/Users/me/.meteor/packages/mongo/.1.0.11.1hg8e3j++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/responses/mongo_reply.js:68:5)
I20150304-21:48:00.599(1)? at [object Object].<anonymous> (/Users/me/.meteor/packages/mongo/.1.0.11.1hg8e3j++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/connection/server.js:426:20)
I20150304-21:48:00.599(1)? at [object Object].emit (events.js:95:17)
I20150304-21:48:00.599(1)? at [object Object].<anonymous> (/Users/me/.meteor/packages/mongo/.1.0.11.1hg8e3j++os+web.browser+web.cordova/npm/node_modules/mongodb/lib/mongodb/connection/connection_pool.js:201:13)
I20150304-21:48:00.599(1)? at [object Object].emit (events.js:98:17)
================================================ ==
=================================================
我以为我对上述问题有一个答案,但可惜没有,我提出了建议的更改,但仍然无法通过身份验证.因此,提供更多详细信息:
I thought I had an answer to the above but alas not, I made suggested changes and I still could not authenticate. So, to provide more details:
- 我已升级到MonogoDB 3.0.0
- 我删除数据库,以便创建一个全新的数据库.
-
我的配置文件如下:
- I have upgraded to MonogoDB 3.0.0
- I delete the database so that a brand new one was created.
My config file is as follows:
systemLog:
destination: file
path: /usr/local/var/log/mongodb/mongo.log
logAppend: true
storage:
dbPath: /usr/local/var/mongodb
net:
bindIp: 127.0.0.1
security:
authorization: enabled
在管理员"数据库上,已创建超级用户",如下所示:
On the "admin" database a "super user" has been created as follows:
use admin
db.createUser({user: "superuser", pwd: "password", roles:["root"]})use admin
然后我在流星"数据库上创建了一个用户
I then created a user on the "meteor" database
db.auth("superuser", "password")
use meteor
db.createUser({user: "meteor", pwd: "password", roles: [{ role: "readWrite", db: "meteor"}]})
以上步骤生成:
The above step generates:
Successfully added user: {
"user" : "meteor",
"roles" : [
{
"role" : "readWrite",
"db" : "meteor"
}
]
}
如果我执行db.getUsers(),我会收到消息:
If I perform a db.getUsers() I get the message:
[
{
"_id" : "meteor.meteor",
"user" : "meteor",
"db" : "meteor",
"roles" : [
{
"role" : "readWrite",
"db" : "meteor"
}
]
}
]
如果我注释掉配置中的两条安全线,那么我可以使用mongodb:127.0.0.1:27017/meteor从Meteor或RoboMongo毫无问题地访问MongoDB.如果取消注释配置中的两条安全线,则无法再使用mongodb://meteor:password@127.0.0.1:27017/meteor从Meteor或MongoDB访问MongoDB.在最后一个实例中,我继续收到认证失败的消息.在MongoDB日志中,我有:
If I comment out the two security lines in the config then I can access MongoDB from Meteor or RoboMongo without a problem - using mongodb:127.0.0.1:27017/meteor. If I uncomment the two security lines in the config then I can no longer access MongoDB from either Meteor or MongoDB - using mongodb://meteor:password@127.0.0.1:27017/meteor. In the last instance I continue to get the message that authentication failed. In the MongoDB logs I have:
authenticate db: meteor { authenticate: 1, nonce: "xxx", user: "meteor", key: "xxx" }
2015-03-08T14:34:44.909+0100 I ACCESS [conn7] Failed to authenticate meteor@meteor with mechanism MONGODB-CR: AuthenticationFailed UserNotFound Could not find user meteor@meteor
更新
下面的答案和上面的配置适用于v2.6.7
Update
The answer below and the configuration above work on v2.6.7
推荐答案
我没有看到您所描述的问题,也没有看到代码或不知道您是如何打开" MongoDB身份验证的,所以我想猜-因此,让我们集中讨论一下使事情对我有用.
I haven't seen the issues you describe and without seeing code or knowing how you "turned on" MongoDB authentication I need to guess - so let's focus on what made things work for me.
您应该检查用户的创建位置.在MongoDB中,有多个数据库,每个数据库都有自己的用户.使用连接字符串时
You should check where the user was created. In MongoDB there are multiple databases, each having their own users. When using your connection string
mongodb://username:password@127.0.0.1:27017/meteor
您正在针对meteor数据库进行身份验证.使用RoboMongo之类的工具,我将检查用户是否实际上在该数据库中,或者您是否在admin(或任何其他)数据库中创建了该用户.
you are authenticating against the meteor database. Using a tool such as RoboMongo I'd check if the user is actually inside that database or whether you created it inside the admin (or any other) database.
作为一个简短的摘要:
保护MongoDB安全时,您需要设置一个管理员帐户,更改其中包含auth = true行的mongodb.conf文件,然后重新启动.然后,使用管理员帐户创建一个新的(低特权)db用户,该用户只能访问meteor数据库.您可以使用这样的命令行(在您的问题中输入2.6的代码,这将是下一个Meteor版本的默认代码)来完成此操作:
As a quick rundown:
When securing MongoDB you need to set an admin account, change the mongodb.conf file that it contains the line auth = true and restart. Then using the admin account you create a new (low-privilege) db user that has only access to the meteor database. You can do this using the command line like this (code for 2.6 as this was in your questions and will be default for next Meteor version):
db.createUser(
{ user: "username",
pwd: "password",
roles: [
{ role: "readwrite", db: "meteor" }
]
})
如果您在与Meteor相同的框中运行mongod,我认为我们可以安全地排除net.port或net.bindIp config设置中的任何问题,而DB根本不会监听请求.
If you run mongod on the same box as Meteor I think we can safely rule out any issues with net.port or net.bindIpconfig settings where the DB would simply not listen to requests.
如果您执行了所有这些操作并重新启动了MongoDB,则项目内部的meteor reset可能有助于修复任何问题.
If you did all this and restarted MongoDB, perhaps a meteor reset inside your projects can help fix anything.
这篇关于流星和MongoDB:身份验证失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
