Loading...

XML

Word

Printable

JSON

Type: New Feature
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 1.11.0
Affects Version/s: None
Component/s: None
Labels:
None

Epic Link:
CDRIVER MongoDB 4.0 Support
Confidence Status:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Link:
None
Goal Name(s):
None

The next version of MongoDB will include SCRAM-SHA-256 as an authentication type. This is defined in RFC 7677. The sample conversation from the RFC is:

 This is a simple example of a SCRAM-SHA-256 authentication exchange... The username
   'user' and password 'pencil' are being used

   C: n,,n=user,r=rOprNGfwEbeRWgbNEkqO

   S: r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,
      s=W22ZaJ0SNY7soEsUEjb6gQ==,i=4096

   C: c=biws,r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,
      p=dHzbZapWIk4jUhN+Ute9ytag9zjfMHgsqmmiz7AndVQ=

   S: v=6rriTRBi23WpRR/wtup+mMhUZUn/dB5nLTJRsjl95G4=

In advance of updates to the Auth spec, which will include additional details of mechanism negotiation and user/password normalization (see ~~DRIVERS-444~~), all drivers should take steps now to ensure their SCRAM libraries are capable of operating in SHA-256 mode, using the sample conversation for verification. (You'll need for force the client nonce to be "rOprNGfwEbeRWgbNEkqO" for the test conversation to work.)

is depended on by

CXX-1559 Update SCRAM-SHA-256 implementation and tests for spec change

Closed

DRIVERS-439 SCRAM-SHA-256 Support

Closed

PHPC-1108 SCRAM-SHA-256 Support

Closed

is related to

CDRIVER-2613 Update SCRAM-SHA-256 implementation and tests for spec change

Closed

Assignee:: Kevin Albertson
Reporter:: Rathi Gnanasekaran (Inactive)
Votes:: 0 Vote for this issue
Watchers:: 2 Start watching this issue

Created:: Feb 02 2018 09:53:31 PM UTC
Updated:: Oct 28 2023 11:30:08 AM UTC
Resolved:: Jun 01 2018 08:33:44 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates