I’m using the latest MongoDB community version. Using Pymongo I want to set the password expiration for the given user. I tried using the expiresAfterSeconds
parameter in the command function with the updateUser query. But it gives an error that this parameter is unknown. I have to use Username/password auth mechanism.
How can I achieve this? please provide any pointers to the relevant doc.
Hi @Shaktisinh_Jhala, the updateUser command does not give the option of setting a password expiration. Here is a relevant answer on the subject: Set user password expiry every 30 days - #5 by Stennie_X.
@Steve_Silvester Thank you for the answer.
My actual purpose is to deactivate the user for a defined timeframe and activate again after some time. Basically, I have created one password rotation script where I’m using two users to switch while changing other users’ passwords to avoid downtime. I want to restrict customers to use the older user once we create the alternate user. But this action should be performed after some time only. In short, I’m looking for a similar kind of functionality like ValidUntil clause of PostgresDB
Please let me know if we have any similar functionality to this in MongoDB
That functionality was proposed in https://jira.mongodb.org/browse/SERVER-3197, but ultimately not implemented. Unfortunately you’d have to do the password rotation manually, using a CRON job or some other mechanism, unless you use LDAP or Kerberos to manage passwords externally.
Have a look at https://www.vaultproject.io/ it offers some interesting credential rotation.
Here is a quick tutorial on it: