Monitor MongoDB Using Kerberos Authentication
You can set up Kerberos authentication for MongoDB only by using the Custom Connection String option when you configure MongoDB collectors.
Before configuring, ensure you have the Java Authentication and Authorization Service (JAAS) configuration file.
Sample JAAS file:
com.sun.security.jgss.initiate {
    com.sun.security.auth.module.Krb5LoginModule required
    principal="admin-username/ip-192.0.2.0.us-west-2.compute.internal@US-WEST-2.COMPUTE.INTERNAL"
    doNotPrompt=true
    useTicketCache=true
    debug=true;
};
Perform the following steps:
- Start the Database Agent using the following string in the launch command:
  -Djava.security.auth.login.config=<JAAS-config-filename>
- On the Controller UI, navigate to Databases, add a new collector, or modify an existing MongoDB collector.
- Under CONNECTION DETAILS, select Custom Connection String, and specify the connection URL:
  mongodb://[URL_ENCODED_PRINCIPAL_NAME@]host1[:port1][,...hostN[:portN]][[?options]]&authMechanism=GSSAPI&authSource=$external
  or,
  mongodb+srv://[URL_ENCODED_PRINCIPAL_NAME@]host1[:port1][,...hostN[:portN]][[?options]]&authMechanism=GSSAPI&authSource=$external
Sample Connection URL:
mongodb://admin%2Fip-192.0.2.0.us-west-2.compute.internal%40US-WEST-2.COMPUTE.INTERNAL@mongodb.testserver.1com:27017,mongodb.testserver.2com:27017/?directConnection=true&authMechanism=GSSAPI&authSource=$external
The principal name in the connection string must be URL encoded. For example, if your principal name is:
admin/ip-192.0.2.0.us-west-2.compute.internal@US-WEST-2.COMPUTE.INTERNAL@
Then, the URL encoded principal looks like this:
admin%2Fip-192.0.2.0.us-west-2.compute.internal%40US-WEST-2.COMPUTE.INTERNAL@
The following table describes the URL components of the sample connection URL:

| URL Components | Description |
| --- | --- |
| mongodb://admin%2Fip-192.0.2.0.us-west-2.compute.internal%40US-WEST-2.COMPUTE.INTERNAL@ | URL encoded principal name. You can use the URL Encoder to encode your URL. |
| mongodb.testserver.1com:27017,mongodb.testserver.2com:27017/?directConnection=true | Host address (comma separated) |
| &authMechanism=GSSAPI&authSource=$external | Mandatory flags to configure Kerberos authentication |
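The following Python helper is an added example, not part of the original documentation or of the product. It URL-encodes a Kerberos principal, assembles the connection string with the mandatory flags, and checks an existing string before it is entered as the Custom Connection String. The names build_uri, check_uri and encode_principal are hypothetical; the principal and hosts are the sample values from this page.

```python
from urllib.parse import parse_qs, quote, unquote

# Flags the page lists as mandatory for Kerberos authentication.
REQUIRED = {"authMechanism": "GSSAPI", "authSource": "$external"}
# Principal from the page's example.
PRINCIPAL = "admin/ip-192.0.2.0.us-west-2.compute.internal@US-WEST-2.COMPUTE.INTERNAL"


def encode_principal(principal):
    """Percent-encode every reserved character, including '/' and '@'."""
    return quote(principal, safe="")


def build_uri(principal, hosts, options=None, scheme="mongodb"):
    """Assemble scheme://ENCODED_PRINCIPAL@hosts/?options&mandatory-flags."""
    params = dict(options or {})
    params.update(REQUIRED)  # mandatory flags override caller-supplied values
    # '$' stays literal so the result reads authSource=$external, as on the page.
    query = "&".join(f"{k}={quote(str(v), safe='$')}" for k, v in params.items())
    return f"{scheme}://{encode_principal(principal)}@{','.join(hosts)}/?{query}"


def check_uri(uri):
    """Return the problems found in a Kerberos connection string (empty if none)."""
    scheme, sep, rest = uri.partition("://")
    if not sep or scheme not in ("mongodb", "mongodb+srv"):
        return ["scheme must be mongodb:// or mongodb+srv://"]
    problems = []
    body, _, query = rest.partition("?")
    userinfo, at, _hosts = body.rpartition("@")
    if not at:
        problems.append("no principal before the host list")
    elif "/" in userinfo or "@" in userinfo:
        problems.append("principal is not URL encoded")
    elif "@" not in unquote(userinfo):
        problems.append("decoded principal has no @REALM part")
    flags = parse_qs(query)
    for key, want in REQUIRED.items():
        if flags.get(key) != [want]:
            problems.append(f"{key} must be {want}")
    return problems


if __name__ == "__main__":
    hosts = ["mongodb.testserver.1com:27017", "mongodb.testserver.2com:27017"]
    uri = build_uri(PRINCIPAL, hosts, {"directConnection": "true"})
    print(uri)
    print(check_uri(uri) or "OK")
```

When no extra options are supplied, build_uri still emits the leading "?" so the mandatory flags form a valid query string.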