Documentation project, issue DOCS-5916

SCRAM-SHA-1 / MONGODB-CR transition compatibility clarity

      RE: http://docs.mongodb.org/manual/release-notes/3.0-scram/#considerations

      The server has a compatibility mode prior to running authSchemaUpgrade that permits it to accept SCRAM-SHA-1 auth attempts, for credentials that it has stored as MONGODB-CR, by applying the conversion on-the-fly and completing the auth attempt successfully despite the client technically presenting the wrong evidence. This means the server is accepting both MONGODB-CR and SCRAM-SHA-1 auth attempts for users stored as MONGODB-CR (until authSchemaUpgrade is run).

      This is handy knowledge to be aware of for those drivers where an explicit choice of authentication mechanism is provided, as it permits a smooth upgrade path to a stricter authentication model.

      For example, if using the Java driver it is possible to enforce sha1 only (createSha1Credential) from the driver, meaning to explicitly choose to fail if the server turns out to be less than expected (i.e. disable the fallback at the driver). This tactic will work for any 3.0 server regardless of whether authSchemaUpgrade has been run.

      Somewhere in backwards compatibility this capacity should be expressed.

      To be clear: drivers transition to SCRAM regardless of whether the server has had authSchemaUpgrade run. The only thing that authSchemaUpgrade actually does is modify the storage format (and evidence) to the stricter SCRAM requirements.
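An added illustration of the on-the-fly conversion the ticket describes; this is not code from the ticket, the MongoDB server or any driver. It relies on one fact about MongoDB's SCRAM-SHA-1 profile: the SCRAM password input is the MONGODB-CR digest itself (hex MD5 of `user:mongo:password`), so a server that only holds a user's MONGODB-CR value already has the input the SCRAM salted-key derivation needs. The user name, password, salt and nonces below are constructed; the iteration count is assumed to be 10000.

```python
"""Added example: why a server can verify a SCRAM-SHA-1 login for a user
whose credential is still stored as MONGODB-CR."""
import base64
import hashlib
import hmac
import os


def mongodb_cr_hash(username, password):
    """MONGODB-CR stored value: hex MD5 of '<user>:mongo:<password>'."""
    return hashlib.md5(f"{username}:mongo:{password}".encode("utf-8")).hexdigest()


def derive_scram_keys(cr_hash, salt, iterations):
    """RFC 5802 key derivation with the MONGODB-CR digest as the password."""
    salted = hashlib.pbkdf2_hmac("sha1", cr_hash.encode("ascii"), salt, iterations, 20)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha1).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha1).digest()
    return client_key, server_key


def scram_credential_from_cr(cr_hash, salt=None, iterations=10000):
    """The conversion: a SCRAM-SHA-1 credential document built from the
    MONGODB-CR hash alone (no plaintext password needed)."""
    salt = salt if salt is not None else os.urandom(16)
    client_key, server_key = derive_scram_keys(cr_hash, salt, iterations)
    return {
        "iterationCount": iterations,
        "salt": base64.b64encode(salt).decode("ascii"),
        "storedKey": base64.b64encode(hashlib.sha1(client_key).digest()).decode("ascii"),
        "serverKey": base64.b64encode(server_key).decode("ascii"),
    }


def scram_credential_from_password(username, password, salt=None, iterations=10000):
    """What a fresh SCRAM-only user creation computes; same path, so the
    result is identical to converting the stored MONGODB-CR value."""
    return scram_credential_from_cr(mongodb_cr_hash(username, password), salt, iterations)


def scram_exchange(username, password, cred,
                   client_nonce="constructed-client-nonce",
                   server_nonce="constructed-server-nonce"):
    """Client side of the three SCRAM messages; returns (auth_message, proof).
    The nonces are constructed constants so the run is deterministic."""
    salt = base64.b64decode(cred["salt"])
    iterations = cred["iterationCount"]
    client_first_bare = f"n={username},r={client_nonce}"
    server_first = f"r={client_nonce}{server_nonce},s={cred['salt']},i={iterations}"
    client_final_without_proof = f"c=biws,r={client_nonce}{server_nonce}"
    auth_message = ",".join(
        [client_first_bare, server_first, client_final_without_proof]).encode("utf-8")
    client_key, _ = derive_scram_keys(mongodb_cr_hash(username, password), salt, iterations)
    stored_key = hashlib.sha1(client_key).digest()
    client_signature = hmac.new(stored_key, auth_message, hashlib.sha1).digest()
    proof = bytes(a ^ b for a, b in zip(client_key, client_signature))
    return auth_message, proof


def server_verify(cred, auth_message, proof):
    """Server side: recover ClientKey from the proof and compare its SHA-1
    against StoredKey, using only the converted credential document."""
    stored_key = base64.b64decode(cred["storedKey"])
    client_signature = hmac.new(stored_key, auth_message, hashlib.sha1).digest()
    recovered_client_key = bytes(a ^ b for a, b in zip(proof, client_signature))
    return hmac.compare_digest(hashlib.sha1(recovered_client_key).digest(), stored_key)


def demo():
    """Convert a constructed MONGODB-CR user and run one good and one bad login."""
    stored_cr_value = mongodb_cr_hash("alice", "correct horse")   # what the server had
    cred = scram_credential_from_cr(stored_cr_value, salt=b"constructed-salt")
    good = server_verify(cred, *scram_exchange("alice", "correct horse", cred))
    bad = server_verify(cred, *scram_exchange("alice", "wrong password", cred))
    return good, bad


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The design point is that the SCRAM exchange never sees a weaker secret in compatibility mode: the proof is computed from the same digest either way, and a SCRAM-only client pinned to SCRAM-SHA-1 (as the ticket describes for the Java driver) works against such a server. What the compatibility mode leaves in place is the unsalted MD5 value in the user document, which is the storage-format difference that authSchemaUpgrade addresses; verifying that every driver in the fleet is already on SCRAM, then running the upgrade, removes that remaining weaker artifact.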

Assignee: Kay Kim (Inactive), kay.kim@mongodb.com
Reporter: Andrew Ryder (Inactive), andrew.ryder@mongodb.com
Votes: 0
Watchers: 3
Resolved: 1 year, 28 weeks, 5 days ago