I recently upgraded from MongoDB 2.6 to 3.0.4 and also upgraded the Mongoose version to 4.0.0. Now when ever i try to connect to mongo using mongoose: <pre class="prettyprint"><code>mongoose.connect('mongodb://user:password@host:port/dbname') </code></pre> On mongo logs i receive this message <blockquote> SCRAM-SHA-1 authentication failed for user on dbname from client xxx.xxx.xxx.xxx </blockquote> I checked in mongodb, the user exists in the admin. The command that i used is <code>db.system.users.findOne({user:'user'})</code> The information returned by this statement contains SCRAM-SHA-1 information. My question is how to specify SCRAM related information in mongoose while establishing connection. I read lots of articles, but failed to understand how its done

Found the solution, I didn't passed the authDatabase name, that's why the connection failed. Earlier i was using this <pre class="prettyprint"><code>mongoose.connect('mongodb://user:password@host:port/dbname') </code></pre> Now i used this <pre class="prettyprint"><code>mongoose.connect('mongodb://user:password@host:port/dbname?authSource=dbWithUserCredentials') </code></pre> Found this solution on Discussion thread of Mongoose itself Edit: Don't forget to replace <code>dbWithUserCredentials</code> with your own. In most cases dbWithUserCredentials would be admin. All the credentials for login like username, password are already specified in the parameter passed to <code>mongoose.connect()</code>.

Authentication in mongoose using SCRAM-SHA-1

I recently upgraded from MongoDB 2.6 to 3.0.4 and also upgraded the Mongoose version to 4.0.0.

Now when ever i try to connect to mongo using mongoose:

mongoose.connect('mongodb://user:password@host:port/dbname')

On mongo logs i receive this message

SCRAM-SHA-1 authentication failed for user on dbname from client xxx.xxx.xxx.xxx

I checked in mongodb, the user exists in the admin. The command that i used is db.system.users.findOne({user:'user'})

The information returned by this statement contains SCRAM-SHA-1 information.

My question is how to specify SCRAM related information in mongoose while establishing connection. I read lots of articles, but failed to understand how its done

What is SCRAM SHA authentication?

Salted Challenge Response Authentication Mechanism (SCRAM) is a password-based mutual authentication protocol designed to make an eavesdropping attack (i.e. man-in-the-middle) more difficult.

Is SCRAM SHA-1 secure?

There are significant security concerns with that mechanism, which could be addressed by the use of a challenge response authentication mechanism protected by TLS." This means that implementing SCRAM with SHA-1 won't add any extra protection for passwords transmitted through TLS.

What authentication mechanisms are available in the community version of MongoDB?

In this guide, you can find sample code for connection to MongoDB with each authentication mechanism available in the MongoDB Community Edition: DEFAULT , SCRAM-SHA-256 , SCRAM-SHA-1 , MONGODB-CR , MONGODB-AWS , and X. 509 .

Found the solution, I didn't passed the authDatabase name, that's why the connection failed. Earlier i was using this

mongoose.connect('mongodb://user:password@host:port/dbname')

Now i used this

mongoose.connect('mongodb://user:password@host:port/dbname?authSource=dbWithUserCredentials')

Found this solution on Discussion thread of Mongoose itself

Edit:

Don't forget to replace dbWithUserCredentials with your own. In most cases dbWithUserCredentials would be admin. All the credentials for login like username, password are already specified in the parameter passed to mongoose.connect().

I had a similar problem. It was fixed after updating mongoose to v4.1.11.

Authentication in mongoose using SCRAM-SHA-1

Tags:

mongoose

sunitj

People also ask

2 Answers

sunitj

YaTaras

Recent Activity

Donate For Us

Authentication in mongoose using SCRAM-SHA-1

Tags:

mongoose

sunitj

People also ask

2 Answers

sunitj

YaTaras

Related questions

Recent Activity

Donate For Us