Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-11603

Docs for SERVER-34446: Remove SASLPrep normalization of principal names used in SCRAM-SHA-256

    XMLWordPrintableJSON

Details

    • Icon: Task Task
    • Resolution: Duplicate
    • Icon: Major - P3 Major - P3
    • 3.7.4
    • None
    • None
    • None

    Description

      Documentation Request Summary:

      No documentation summary in engineering ticket

      Engineering Ticket Description:

      Principal names should be treated as in SCRAM-SHA-1. The server should:

      1) Not perform normalization of usernames during SCRAM-SHA-256
      authentication. Usernames provided by clients would be used as-is. This
      is the behavior of SCRAM-SHA-1 today.
      2) Continue to normalize passwords when used with SCRAM-SHA-256. This
      is more important that the normalization of user names. The byte
      representation of user names can be recovered from the database itself.
      The byte representation of the password cannot, after it's been
      processed into a credential.
      3) Allow createUser to be performed on a SCRAM-SHA-256 user with an
      unnormalized name.

      Attachments

        Activity

          People

            Unassigned Unassigned
            kay.kim@mongodb.com Kay Kim (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:
              5 years, 43 weeks, 5 days ago