CDRIVER-2150 implemented caching for SCRAM-SHA-1 by tracking the client key, server key, and salted password on the mongoc_cluster_t object. Once cached, those values are then used for all subsequent SCRAM authentications for the same cluster/client.

In PHPC-1022, we discovered that this behavior was the cause of occasional authentication failures for persisted libmongoc clients. While the client error was vague, the server logs indicated:

AuthenticationFailed: SCRAM-SHA-1 authentication failed, storedKey mismatch

Looking at 16e8333 for SERVER-26952,
scram_sha1_client_cache.cpp uses the following pre-secrets as its hash key:

• hashed password
• salt
• iteration count

Rather than maintain a single cache entry for the entire cluster, libmongoc should cache its secrets by an n-tuple of the above pre-secrets. This cache need not be limited to mongoc_cluster_t. We can have _mongoc_scram_startup() (called by _mongoc_do_init() initialize a global hash table for use by all libmongoc clients. This will allow us to remove any notion of caching from mongoc-cluster.c and contain it within mongoc-scram.c. That hash table can later be freed in a new _mongoc_scram_cleanup() function, which can be invoked by _mongoc_do_cleanup().