- On Prem MMS Monitoring >
- Getting Started with On Prem MMS Monitoring >
- Connect to Hosts with Kerberos Authentication
Connect to Hosts with Kerberos Authentication¶
On this page
Kerberos is a generic authentication protocol available in MongoDB Enterprise after version 2.4. The On Prem MMS Monitoring agent can authenticate to monitored hosts using Kerberos in addition to the default MongoDB authentication protocol.
Install the monitoring agent and all requirements before beginning to configure Kerberos.
Install Required Operating System Packages¶
Debian and Ubuntu Linux¶
Install the following required packages:
Red Hat Enterprise, CentOS and Fedora Linux¶
Install the following required packages:
Install Python Requirements¶
Configure Kerberos Environment¶
- Create or configure the
/etc/kerb5.conffile on the system to integrate this host into your Kerberos environment. - Ensure that the
kinitbinary is available at the/user/bin/kinitpath.
Create Kerberos Principal and MongoDB User¶
Create or choose a Kerberos principal for the On Prem MMS Monitoring agent.
Generate a keytab for the Kerberos principal and copy it to the system where the monitoring agent runs.
Important
Ensure that the user that will run the Monitoring agent is the same user that owns the keytab file.
Create a MongoDB user for the new Kerberos principal. See Authentication Requirements for more information about required authentication roles.
Edit the agent’s
settings.pyfile to inform the agent about the keytab and principal identifier. Set:the
krb5Principalto the name of the Kerberos principal.Set the
kerb5Keytabvalue to the complete absolute path of the keytab file: