As of this writing, MongoDB offers the following authentication mechanisms:
- X.509 certificates
- LDAP with AD or OpenLDAP leveraging SASL
What's the business problem here?However, typically the folks dealing with apps and databases are not experts on authentication. This means cognitive, cooperation and coordination issues and obviously time-to-production challenges.
In addition, if your Linux/UNIX infrastructure does not implement a robust set of access control technologies, each additional node adds to the problem.
This post covers
- SASL (plain) integration leveraging PAM
- Limiting Access using Centrify Access components
How can Centrify accelerate and secure MongoDB deployments?
- By providing THE most robust and thoroughly tested way of integrating with AD
- Faster results - time to market these capabilities
- Enhancing security by implementing privileged user management.
Basics: What is SASL?
The key here is that MongoDB supports SASL and SASL can use PAM. Since Centrify makes PAM work with AD out of the Box, implementation is very simple: