A bash script illustrating authentication to MongoDB via Kerberos SSO and authorization on MongoDB
# Log in to Kerberos as bob
kinit -p bob
# Password for bob@MDBKRB5.NET:
klist
# Ticket cache: KEYRING:persistent:1000:1000
# Default principal: bob@MDBKRB5.NET
# Valid starting       Expires              Service principal
# 10/04/2018 16:58:49  10/05/2018 16:58:48  krbtgt/MDBKRB5.NET@MDBKRB5.NET
mongo social --quiet --host mdb01.mdbkrb5.net --authenticationMechanism=GSSAPI --authenticationDatabase='$external' --username bob@MDBKRB5.NET
# MongoDB Enterprise rs0:PRIMARY>
# Run the commands below at the rs0:PRIMARY prompt
db.runCommand({connectionStatus: 1}).authInfo
# {
#   "authenticatedUsers": [
#     {
#       "user": "bob@MDBKRB5.NET",
#       "db": "$external"
#     }
#   ],
#   "authenticatedUserRoles": [
#     {
#       "role": "readWrite",
#       "db": "social"
#     }
#   ]
# }
# Test the write privilege on social database
db.people.insert({fname: 'Shyam', lname: 'Arjarapu'})
# WriteResult({ "nInserted" : 1 })
# Test the read privilege on social database
db.people.findOne()
# {
#   "_id" : ObjectId("5bb647a8315c61d11c361945"),
#   "fname" : "Shyam",
#   "lname" : "Arjarapu"
# }
# Note that bob has no privileges on the admin database
use admin
# switched to db admin
show collections
# Warning: unable to run listCollections, attempting to approximate collection names by parsing connectionStatus
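
The `authInfo` document printed in the session above is the record of what bob's Kerberos identity is actually allowed to do. As an added example (not part of the original gist), the JavaScript below compares such a document against an allow-list and reports any drift; `auditAuthInfo`, `BROAD_ROLES`, `EXPECTED_BOB` and the second sample document are assumptions made for illustration.

```javascript
// Added illustration: auditAuthInfo, BROAD_ROLES and EXPECTED_BOB are hypothetical names.
// Built-in MongoDB roles that reach beyond a single database.
const BROAD_ROLES = new Set(['root', '__system', 'readAnyDatabase',
  'readWriteAnyDatabase', 'userAdminAnyDatabase', 'dbAdminAnyDatabase', 'clusterAdmin']);

function auditAuthInfo(authInfo, expected) {
  const findings = [];
  const users = authInfo.authenticatedUsers || [];
  const roles = authInfo.authenticatedUserRoles || [];
  // The session must carry exactly one identity: the Kerberos principal in $external.
  if (users.length !== 1) findings.push(`expected 1 authenticated user, found ${users.length}`);
  for (const u of users) {
    if (u.db !== '$external') findings.push(`${u.user} authenticated on ${u.db}, not $external`);
    if (u.user !== expected.principal) findings.push(`unexpected principal: ${u.user}`);
  }
  // Compare granted roles with the allow-list in both directions.
  const key = (r) => `${r.role}@${r.db}`;
  const allowed = new Set(expected.roles.map(key));
  const granted = new Set(roles.map(key));
  for (const r of roles) {
    if (BROAD_ROLES.has(r.role)) findings.push(`broad built-in role: ${key(r)}`);
    else if (!allowed.has(key(r))) findings.push(`role outside allow-list: ${key(r)}`);
  }
  for (const k of allowed) if (!granted.has(k)) findings.push(`expected role missing: ${k}`);
  return findings;
}

// What bob should hold, per the session above.
const EXPECTED_BOB = { principal: 'bob@MDBKRB5.NET', roles: [{ role: 'readWrite', db: 'social' }] };
// authInfo exactly as printed in the session above.
const GIST_AUTHINFO = {
  authenticatedUsers: [{ user: 'bob@MDBKRB5.NET', db: '$external' }],
  authenticatedUserRoles: [{ role: 'readWrite', db: 'social' }],
};
// Constructed sample: the same principal after an over-broad grant.
const DRIFTED_AUTHINFO = {
  authenticatedUsers: [{ user: 'bob@MDBKRB5.NET', db: '$external' }],
  authenticatedUserRoles: [{ role: 'readWriteAnyDatabase', db: 'admin' }, { role: 'read', db: 'hr' }],
};

console.log(auditAuthInfo(GIST_AUTHINFO, EXPECTED_BOB));    // no findings
console.log(auditAuthInfo(DRIFTED_AUTHINFO, EXPECTED_BOB)); // three findings
```

Against a live deployment, the first argument would be the object returned by `db.runCommand({connectionStatus: 1}).authInfo`.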