I can't access http://localhost:28017 when enabled auth for
mongod; it always pops up username/password even if I fill in correct username/password. I have enabled HTTP & REST in the initial parameter file.
The YAML format parameter file which I use:
But when I disable
mongod authorization, I can login at http://localhost:28017 successfully with no need to fill in username/password.
What's the reason? Does it not support HTTP console under the authorization for 3.0? My version is 3.0.2.
First let me add the standard caveat - do not use the built in HTTP/REST interface in production, only for testing, it should be disabled on production systems.
On to the issue: MongoDB 3.0 now defaults to using SCRAM-SHA-1 for challenge response (username and password) based logins and I am assuming you created your users from scratch in 3.0 (if they were imported from 2.6 they would work unless you did a schema upgrade). The reason you are failing is that the HTTP/REST interface does not support using the new credential mechanism in 3.0 to log in, you have to use the old mechanism.
Basically, you need to have a user with the legacy MONGODB-CR credentials if you want to use the REST interface authenticated. Create the user you wish to use, then use the changeUserPassword command to switch to the MONGODB-CR mechanism. Something like the following:
db.changeUserPassword("restuser", "SOh3TbYhx8ypJPxm", "MONGODB-CR")