python-pymongo-doc 2.6.3-1build1 / usr / share / doc / python-pymongo-doc / html / _sources / examples / authentication.txt

This file is indexed.

/usr/share/doc/python-pymongo-doc/html/_sources/examples/authentication.txt is in python-pymongo-doc 2.6.3-1build1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
Authentication Examples
=======================

MongoDB supports several different authentication mechanisms. These examples
cover all authentication methods currently supported by PyMongo, documenting
Python module and MongoDB version dependencies.

MONGODB-CR
----------
MONGODB-CR is the default authentication mechanism supported by a MongoDB
cluster configured for authentication. Authentication is per-database and
credentials can be specified through the MongoDB URI or passed to the
:meth:`~pymongo.database.Database.authenticate` method::

  >>> from pymongo import MongoClient
  >>> client = pymongo.MongoClient('example.com')
  >>> client.the_database.authenticate('user', 'password')
  True
  >>>
  >>> uri = "mongodb://user:password@example.com/the_database"
  >>> client = pymongo.MongoClient(uri)
  >>>

When using MongoDB's delegated authentication features, a separate
authentication source can be specified (using PyMongo 2.5 or newer)::

  >>> from pymongo import MongoClient
  >>> client = pymongo.MongoClient('example.com')
  >>> client.the_database.authenticate('user',
  ...                                  'password',
  ...                                  source='source_database')
  True
  >>>
  >>> uri = "mongodb://user:password@example.com/?authSource=source_database"
  >>> client = pymongo.MongoClient(uri)
  >>>

MONGODB-X509
------------
.. versionadded:: 2.6

The MONGODB-X509 mechanism authenticates a username derived from the
distinguished subject name of the X.509 certificate presented by the driver
during SSL negotiation. This authentication method requires the use of SSL
connections with certificate validation and is available in MongoDB 2.5.1
and newer::

  >>> import ssl
  >>> from pymongo import MongoClient
  >>> client = pymongo.MongoClient('example.com',
  ...                              ssl=True,
  ...                              ssl_certfile='/path/to/client.pem',
  ...                              ssl_cert_reqs=ssl.CERT_REQUIRED,
  ...                              ssl_ca_certs='/path/to/ca.pem')
  >>> client.the_database.authenticate("<X.509 derived username>",
  ...                                  mechanism='MONGODB-X509')
  True
  >>>

MONGODB-X509 authenticates against the $external virtual database, so you
do not have to specify a database in the URI::

  >>> uri = "mongodb://<X.509 derived username>@example.com/?authMechanism=MONGODB-X509"
  >>> client = pymongo.MongoClient(uri,
  ...                              ssl=True,
  ...                              ssl_certfile='/path/to/client.pem',
  ...                              ssl_cert_reqs=ssl.CERT_REQUIRED,
  ...                              ssl_ca_certs='/path/to/ca.pem')
  >>>

.. note::
   If you are using CPython 2.4 or 2.5 you must install the python
   `ssl module`_ using easy_install or pip.

.. _ssl module: https://pypi.python.org/pypi/ssl/

.. _use_kerberos:

GSSAPI (Kerberos)
-----------------
.. versionadded:: 2.5

GSSAPI (Kerberos) authentication is available in the Enterprise Edition of
MongoDB, version 2.4 and newer. To authenticate using GSSAPI you must first
install the python `kerberos module`_ using easy_install or pip. Make sure
you run kinit before using the following authentication methods::

  $ kinit mongodbuser@EXAMPLE.COM
  mongodbuser@EXAMPLE.COM's Password: 
  $ klist
  Credentials cache: FILE:/tmp/krb5cc_1000
          Principal: mongodbuser@EXAMPLE.COM

    Issued                Expires               Principal
  Feb  9 13:48:51 2013  Feb  9 23:48:51 2013  krbtgt/EXAMPLE.COM@EXAMPLE.COM

Now authenticate using the MongoDB URI. GSSAPI authenticates against the
$external virtual database so you do not have to specify a database in the
URI::

  >>> # Note: the kerberos principal must be url encoded.
  >>> import pymongo
  >>> uri = "mongodb://mongodbuser%40EXAMPLE.COM@example.com/?authMechanism=GSSAPI"
  >>> client = pymongo.MongoClient(uri)
  >>>

or using :meth:`~pymongo.database.Database.authenticate`::

  >>> import pymongo
  >>> client = pymongo.MongoClient('example.com')
  >>> db = client.test
  >>> db.authenticate('mongodbuser@EXAMPLE.COM', mechanism='GSSAPI')
  True

The default service name used by MongoDB and PyMongo is `mongodb`. You can
specify a custom service name with the ``gssapiServiceName`` option::

  >>> import pymongo
  >>> uri = "mongodb://mongodbuser%40EXAMPLE.COM@example.com/?authMechanism=GSSAPI&gssapiServiceName=myservicename"
  >>> client = pymongo.MongoClient(uri)
  >>>
  >>> client = pymongo.MongoClient('example.com')
  >>> db = client.test
  >>> db.authenticate('mongodbuser@EXAMPLE.COM', mechanism='GSSAPI', gssapiServiceName='myservicename')
  True

.. note::
   Kerberos support is only provided in environments supported by the python
   `kerberos module`_. This currently limits support to CPython 2.x and Unix
   environments.

.. _kerberos module: http://pypi.python.org/pypi/kerberos

SASL PLAIN (RFC 4616)
---------------------
.. versionadded:: 2.6

MongoDB Enterprise Edition versions 2.5.0 and newer support the SASL PLAIN
authentication mechanism, initially intended for delegating authentication
to an LDAP server. Using the PLAIN mechanism is very similar to MONGODB-CR.
These examples use the $external virtual database for LDAP support::

  >>> from pymongo import MongoClient
  >>> client = pymongo.MongoClient('example.com')
  >>> client.the_database.authenticate('user',
  ...                                  'password',
  ...                                  source='$external',
  ...                                  mechanism='PLAIN')
  True
  >>>
  >>> uri = "mongodb://user:password@example.com/?authMechanism=PLAIN&authSource=$external"
  >>> client = pymongo.MongoClient(uri)
  >>>

SASL PLAIN is a clear-text authentication mechanism. We **strongly** recommend
that you connect to MongoDB using SSL with certificate validation when using
the SASL PLAIN mechanism::

  >>> import ssl
  >>> from pymongo import MongoClient
  >>> client = pymongo.MongoClient('example.com',
  ...                              ssl=True,
  ...                              ssl_certfile='/path/to/client.pem',
  ...                              ssl_cert_reqs=ssl.CERT_REQUIRED,
  ...                              ssl_ca_certs='/path/to/ca.pem')
  >>> client.the_database.authenticate('user',
  ...                                  'password',
  ...                                  source='$external',
  ...                                  mechanism='PLAIN')
  True
  >>>
  >>> uri = "mongodb://user:password@example.com/?authMechanism=PLAIN&authSource=$external"
  >>> client = pymongo.MongoClient(uri,
  ...                              ssl=True,
  ...                              ssl_certfile='/path/to/client.pem',
  ...                              ssl_cert_reqs=ssl.CERT_REQUIRED,
  ...                              ssl_ca_certs='/path/to/ca.pem')
  >>>

APT Browse - Built by Thomas Orozco.