@@ -73,8 +73,7 @@ Authentication Parameters
7373
7474 .. include:: /includes/list-table-auth-mechanisms.rst
7575
76- You can only set :parameter:`authenticationMechanisms` during
77- start-up.
76+ .. include:: /includes/fact-startup-parameter
7877
7978 For example, to specify both ``PLAIN`` and ``SCRAM-SHA-256`` as the
8079 authentication mechanisms, use the following command:
@@ -130,6 +129,8 @@ Authentication Parameters
130129
131130 .. include:: /includes/extracts/ssl-facts-see-more.rst
132131
132+ .. include:: /includes/fact-runtime-parameter
133+
133134 .. code-block:: bash
134135
135136 db.adminCommand( { setParameter: 1, clusterAuthMode: "sendX509" } )
@@ -141,11 +142,7 @@ Authentication Parameters
141142 Specify ``0`` or ``false`` to disable localhost authentication
142143 bypass. Enabled by default.
143144
144- :parameter:`enableLocalhostAuthBypass` is not available using
145- :dbcommand:`setParameter` database command. Use the
146- :setting:`setParameter` option in the configuration file or the
147- :option:`--setParameter <mongod --setParameter>` option on the
148- command line.
145+ .. include:: /includes/fact-startup-parameter
149146
150147 See :ref:`localhost-exception` for more information.
151148
@@ -158,9 +155,7 @@ Authentication Parameters
158155 is valid before rotating to the next one. This parameter is intended
159156 primarily to facilitate authentication testing.
160157
161- You can only set :parameter:`KeysRotationIntervalSec` during
162- start-up, and cannot change this setting with the
163- :dbcommand:`setParameter` database command.
158+ .. include:: /includes/fact-startup-parameter
164159
165160.. parameter:: ldapForceMultiThreadMode
166161
@@ -489,9 +484,7 @@ Authentication Parameters
489484 :dbcommand:`validate` returns as many results as possible and warns
490485 that not all corruption might be reported because of the limit.
491486
492- You can set :parameter:`maxValidateMemoryUsageMB` during startup, and
493- can change this setting using the :dbcommand:`setParameter` database
494- command.
487+ .. include:: /includes/fact-runtime-startup-parameter
495488
496489.. parameter:: oidcIdentityProviders
497490
@@ -511,9 +504,7 @@ Authentication Parameters
511504
512505 .. include:: /includes/fact-oidc-providers.rst
513506
514- You can only set ``oidcIdentityProviders`` during startup in the
515- :setting:`configuration file <setParameter>` or with the
516- ``--setParameter`` option on the command line.
507+ .. include:: /includes/fact-startup-parameter
517508
518509.. parameter:: ocspEnabled
519510
@@ -523,10 +514,9 @@ Authentication Parameters
523514
524515 The flag that enables or disables OCSP.
525516
526- You can only set :parameter:`ocspEnabled` during startup in the
527- :setting:`configuration file <setParameter>` or with the
528- ``--setParameter`` option on the command line. For example, the
529- following disables OCSP:
517+ .. include:: /includes/fact-startup-parameter
518+
519+ For example, the following disables OCSP:
530520
531521 .. code-block:: bash
532522
@@ -585,9 +575,7 @@ Authentication Parameters
585575 cipher suites for use with TLS 1.3, use the
586576 :parameter:`opensslCipherSuiteConfig` parameter.
587577
588- You can only set :parameter:`opensslCipherConfig` during start-up,
589- and cannot change this setting using the :dbcommand:`setParameter`
590- database command.
578+ .. include:: /includes/fact-startup-parameter
591579
592580 For version 4.2 and greater, the use of ``TLS`` options is preferred
593581 over ``SSL`` options. The TLS options have the same functionality as
@@ -618,11 +606,10 @@ Authentication Parameters
618606 strings for use with TLS 1.2 or earlier, use the
619607 :parameter:`opensslCipherConfig` parameter.
620608
621- You can only set :parameter:`opensslCipherSuiteConfig` during
622- start-up, and cannot change this setting using the
623- :dbcommand:`setParameter` database command. For example, the
624- following configures a :binary:`~bin.mongod` with a
625- :parameter:`opensslCipherSuiteConfig` cipher suite of
609+ .. include:: /includes/fact-startup-parameter
610+
611+ For example, the following configures a :binary:`~bin.mongod`
612+ with a :parameter:`opensslCipherSuiteConfig` cipher suite of
626613 ``'TLS_AES_256_GCM_SHA384'`` for use with TLS 1.3:
627614
628615 .. code-block:: bash
@@ -659,9 +646,7 @@ Authentication Parameters
659646 not supported with Java 6 and 7 unless extended support has been
660647 purchased from Oracle.
661648
662- You can only set :parameter:`opensslDiffieHellmanParameters` during
663- startup, and cannot change this setting using the
664- :dbcommand:`setParameter` database command.
649+ .. include:: /includes/fact-startup-parameter
665650
666651 If for performance reasons, you need to disable support for DHE
667652 cipher suites, use the :parameter:`opensslCipherConfig` parameter:
@@ -679,6 +664,8 @@ Authentication Parameters
679664 Specify the path to the Unix Domain Socket of the ``saslauthd``
680665 instance to use for proxy authentication.
681666
667+ .. include:: /includes/fact-startup-parameter
668+
682669.. parameter:: saslHostName
683670
684671 |both|
@@ -691,9 +678,7 @@ Authentication Parameters
691678 :binary:`~bin.mongod` or :binary:`~bin.mongos` instance for any purpose
692679 beyond the configuration of SASL and Kerberos.
693680
694- You can only set :parameter:`saslHostName` during start-up, and
695- cannot change this setting using the :dbcommand:`setParameter`
696- database command.
681+ .. include:: /includes/fact-startup-parameter
697682
698683 .. note::
699684
@@ -717,9 +702,7 @@ Authentication Parameters
717702 principal name, on a per-instance basis. If unspecified, the
718703 default value is ``mongodb``.
719704
720- MongoDB only permits setting :parameter:`saslServiceName` at
721- startup. The :dbcommand:`setParameter` command can not change
722- this setting.
705+ .. include:: /includes/fact-startup-parameter
723706
724707 :parameter:`saslServiceName` is only available in MongoDB
725708 Enterprise.
@@ -744,6 +727,8 @@ Authentication Parameters
744727 existing passwords. The :parameter:`scramIterationCount` value must
745728 be ``5000`` or greater.
746729
730+ .. include:: /includes/fact-runtime-startup-parameter
731+
747732 For example, the following sets the :parameter:`scramIterationCount`
748733 to ``12000``.
749734
@@ -780,6 +765,8 @@ Authentication Parameters
780765 existing passwords. The :parameter:`scramSHA256IterationCount` value
781766 must be ``5000`` or greater.
782767
768+ .. include:: /includes/fact-runtime-startup-parameter
769+
783770 For example, the following sets the :parameter:`scramSHA256IterationCount`
784771 to ``20000``.
785772
@@ -810,6 +797,8 @@ Authentication Parameters
810797
811798 .. include:: /includes/extracts/ssl-facts-see-more.rst
812799
800+ .. include:: /includes/fact-runtime-parameter
801+
813802 .. code-block:: bash
814803
815804 db.adminCommand( { setParameter: 1, sslMode: "preferSSL" } )
@@ -834,6 +823,8 @@ Authentication Parameters
834823 upgrade to TLS/SSL </tutorial/upgrade-cluster-to-ssl>` to minimize
835824 downtime.
836825
826+ .. include:: /includes/fact-runtime-parameter
827+
837828 .. code-block:: bash
838829
839830 db.adminCommand( { setParameter: 1, tlsMode: "preferTLS" } )
@@ -862,6 +853,8 @@ Authentication Parameters
862853 Use this parameter to rotate certificates when the new certificates have
863854 different attributes or extension values.
864855
856+ .. include:: /includes/fact-startup-parameter
857+
865858.. parameter:: tlsOCSPStaplingTimeoutSecs
866859
867860 Available for Linux.
@@ -874,11 +867,10 @@ Authentication Parameters
874867 :parameter:`tlsOCSPStaplingTimeoutSecs` uses the
875868 :parameter:`tlsOCSPVerifyTimeoutSecs` value.
876869
877- You can only set :parameter:`tlsOCSPStaplingTimeoutSecs` during
878- startup in the :setting:`configuration file <setParameter>` or with
879- the ``--setParameter`` option on the command line. For example, the
880- following sets the :parameter:`tlsOCSPStaplingTimeoutSecs` to 20
881- seconds:
870+ .. include:: /includes/fact-startup-parameter
871+
872+ For example, the following sets the
873+ :parameter:`tlsOCSPStaplingTimeoutSecs` to 20 seconds:
882874
883875 .. code-block:: bash
884876
@@ -902,11 +894,10 @@ Authentication Parameters
902894
903895 Specify an integer greater than or equal to (``>=``) 1.
904896
905- You can only set :parameter:`tlsOCSPVerifyTimeoutSecs` during
906- startup in the :setting:`configuration file <setParameter>` or with
907- the ``--setParameter`` option on the command line. For example, the
908- following sets the :parameter:`tlsOCSPVerifyTimeoutSecs` to 20
909- seconds:
897+ .. include:: /includes/fact-startup-parameter
898+
899+ For example, the following sets the
900+ :parameter:`tlsOCSPVerifyTimeoutSecs` to 20 seconds:
910901
911902 .. code-block:: bash
912903
@@ -933,10 +924,9 @@ Authentication Parameters
933924
934925 .. include:: /includes/fact-ssl-tlsCAFile-tlsUseSystemCA.rst
935926
936- You can set ``tlsUseSystemCA`` only during startup in the
937- :setting:`configuration file <setParameter>` or with the ``--setParameter``
938- option on the command line. For example, to set ``tlsUseSystemCA`` to
939- ``true``:
927+ .. include:: /includes/fact-startup-parameter
928+
929+ For example, to set ``tlsUseSystemCA`` to ``true``:
940930
941931 .. code-block:: bash
942932
@@ -968,6 +958,8 @@ Authentication Parameters
968958 deployment. ``tlsWithholdClientCertificate`` is mutually exclusive with
969959 :option:`--clusterAuthMode x509 <mongod --clusterAuthMode>`.
970960
961+ .. include:: /includes/fact-startup-parameter
962+
971963.. parameter:: tlsX509ClusterAuthDNOverride
972964
973965 .. versionadded:: 4.2
@@ -1002,6 +994,8 @@ Authentication Parameters
1002994 If set, you must set this parameter on all members of the
1003995 deployment.
1004996
997+ .. include:: /includes/fact-runtime-startup-parameter
998+
1005999 You can use this parameter for a rolling update of certificates to
10061000 new certificates that contain a new ``DN`` value. See
10071001 :doc:`/tutorial/rotate-x509-membership-certificates`.
@@ -1031,14 +1025,7 @@ Authentication Parameters
10311025
10321026 This parameter has a minimum value of ``0``.
10331027
1034- You can only set :parameter:`tlsX509ExpirationWarningThresholdDays`
1035- during ``mongod/mongos`` startup using either:
1036-
1037- - The :setting:`setParameter` configuration setting, *or*
1038-
1039- - The :option:`mongod --setParameter <mongod --setParameter>` /
1040- :option:`mongos --setParameter <mongos --setParameter>` command
1041- line option.
1028+ .. include:: /includes/fact-startup-parameter
10421029
10431030 See :ref:`4.4-rel-notes-certificate-expiration-warning` for more
10441031 information on x.509 expiration warnings.
@@ -1088,6 +1075,8 @@ Authentication Parameters
10881075 This parameter has a minimum value of ``1`` second and a maximum
10891076 value of ``86400`` seconds (24 hours).
10901077
1078+ .. include:: /includes/fact-runtime-startup-parameter
1079+
10911080.. parameter:: authFailedDelayMs
10921081
10931082 |both|
@@ -1115,8 +1104,7 @@ Authentication Parameters
11151104 A boolean flag that allows or disallows the retrieval of
11161105 authorization roles from client x.509 certificates.
11171106
1118- You can only set :parameter:`allowRolesFromX509Certificates` during
1119- startup in the config file or on the command line.
1107+ .. include:: /includes/fact-startup-parameter
11201108
11211109General Parameters
11221110~~~~~~~~~~~~~~~~~~
0 commit comments