Replica set authentication question

Is it possible to set a mongodb replica set, where an authentication is going to be required from any coming user (client), but without a key-file and authentication between the members of the set?

When I try to set this up, I am having some problems.
But I am not sure if it is because I did something wrong or because it is just not possible.

It will be easier for us to help if you describe your problems in greater details. What are the steps taken and where it fails? Screenshot and log files are all helpful.


Hello @Michel_Bouchet, according to the documentation, enabling authorization to access replia-set requires enabling internal security between the members of the replica-set. Authorization allows creation of users and assign roles to them.

See Update Replica Set to Keyfile Authentication:

Enforcing access control on an existing replica set requires configuring:

  • Security between members of the replica set using Internal Authentication, and
  • Security between connecting clients and the replica set using User Access Controls.

Also, see Enable Access Control - Replica Sets and Sharded clusters:

Replica sets and sharded clusters require internal authentication between members when access control is enabled.


@steevej. Thanks for the reply. You’re almost right, except that if the answer to my question is NO, there is nothing of interest to describe and share.
If the answer is YES, I could indeed share a few things to help anyone spot an issue in what I did.
In other words I first need a YES or NO in order to move to the next step.

@Prasad_Saya. Your answer seems to mean NO. But it is not clear, “authorization” is not part of my question, I am only concerned about “authentication”.

@Prasad_Saya May have switched AuthN and AuthZ but the links and quotes they posted clearly state that enabling access control requires configuring the security between replica set members.

1 Like

OK, thanks. So to put it short and simple your answer is NO.
That seems to match what I have also found by searching on my side and by trying out.