Feedback on lecture "Enabling internal authentication"

Hey guys,

After spending a few hours mucking about with Kerberos + AD, I’m finally moving on :smiley: I hope I can still make Tuesday’s deadline! Anyway… I’m watching the lecture “Enabling internal authentication”.

https://university.mongodb.com/mercury/M310/2018_November/chapter/Chapter_1_Authentication/lesson/581823f4d25d81c78a553f75/tab/581823f86dd666d2ff216d03

In it, @kirbyk sets up a three node replica set with the following commands. He then proceeds to:

  • Initiate the replica set.
  • Create a first user, with the localhost bypass.
  • Add the other two nodes.

He then proclaims the replica set to be functional and to be using the keyfile for mutual authentication. But are we sure about that? Because none of the mongod processes was started with the --authentication command line parameter.

Aaaand not within two minutes I have found the answer to my question:

–keyFile

Specifies the path to a key file that stores the shared secret that MongoDB instances use to authenticate to each other in a sharded cluster or replica set. --keyFile implies --auth . See Internal Authentication for more information.

Source:
https://docs.mongodb.com/manual/reference/program/mongod/

So yeah… Authentication is implicitly enabled when -keyFile is passed.